Cross-site Scripting Vulnerability in CommentLuv Plugin for WordPress
CVE-2013-1409
Currently unrated
What is CVE-2013-1409?
A Cross-site Scripting (XSS) vulnerability exists in the CommentLuv plugin for WordPress, specifically in versions prior to 2.92.4. This flaw allows remote attackers to exploit the _ajax_nonce parameter in wp-admin/admin-ajax.php, which could enable malicious actors to inject arbitrary web scripts or HTML. This vulnerability can compromise the security of WordPress sites and potentially expose user data.