Cross-site Scripting Vulnerability in CommentLuv Plugin for WordPress
CVE-2013-1409

Currently unrated

Key Information:

Vendor:
WordPress
CVE Published:
3 March 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the CommentLuv plugin for WordPress in versions prior to 2.92.4. Remote attackers can inject arbitrary web script or HTML through the _ajax_nonce parameter of wp-admin/admin-ajax.php. This can compromise the security of WordPress sites running the plugin and potentially expose user data.

Timeline

  • Vulnerability published

  • Vulnerability reserved
