Aggregates CVE and security vulnerability intelligence across all bologer-related products, including CVSS scores, EPSS percentages, and publication dates.
Disclosed issues often relate to cross-site scripting, CSRF, and open redirect; exposure may include session compromise in production workloads.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-0279 | The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users | [email protected] | 3.1 | 0.17% | 2022-02-21 | 2024-11-21 |
| CVE-2022-0134 | The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack | [email protected] | 8.8 | 0.38% | 2022-02-21 | 2024-11-21 |
| CVE-2021-24838 | The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which, according to the vendor, is a feature. | [email protected] | 6.1 | 2.34% | 2022-01-17 | 2024-11-21 |
| CVE-2018-21001 | The anycomment plugin before 0.0.33 for WordPress has XSS. | [email protected] | 6.1 | 0.21% | 2019-08-27 | 2024-11-21 |