bologer 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk csrf, and vendor risk open redirect に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-0279 | The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users | [email protected] | 3.1 | 0.49% | 2022-02-21 | 2026-06-17 |
| CVE-2022-0134 | The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack | [email protected] | 8.8 | 0.64% | 2022-02-21 | 2026-06-17 |
| CVE-2021-24838 | The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature. | [email protected] | 6.1 | 2.22% | 2022-01-17 | 2026-06-16 |
| CVE-2018-21001 | The anycomment plugin before 0.0.33 for WordPress has XSS. | [email protected] | 6.1 | 0.91% | 2019-08-27 | 2026-06-16 |