Cross-site Scripting Vulnerability in CommentLuv Plugin for WordPress
CVE-2013-1409

Currently unrated

Key Information:

Vendor

Wordpress
Status
Commentluv
Vendor
CVE Published:
3 March 2014

What is CVE-2013-1409?

A Cross-site Scripting (XSS) vulnerability exists in the CommentLuv plugin for WordPress, specifically in versions prior to 2.92.4. This flaw allows remote attackers to exploit the _ajax_nonce parameter in wp-admin/admin-ajax.php, which could enable malicious actors to inject arbitrary web scripts or HTML. This vulnerability can compromise the security of WordPress sites and potentially expose user data.

References

http://packetstormsecurity.com/files/120090/WordPress-Com...
x_refsource_MISC
http://wordpress.org/plugins/commentluv/changelog
x_refsource_MISC
http://archives.neohapsis.com/archives/bugtraq/2013-02/00...
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.