Stored XSS Vulnerability in Comments Evolved for WordPress
CVE-2024-34420
5.9MEDIUM
Key Information
- Vendor
- Talspotim
- Status
- Comments Evolved For WordPress
- Vendor
- Published:
- 14 May 2024
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS.This issue affects Comments Evolved for WordPress: from n/a through 1.6.3.
Affected Version(s)
Comments Evolved for WordPress <= 1.6.3
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
LOW
Integrity:
LOW
Availability:
LOW
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
REQUIRED
Scope:
CHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Sharanabasappa (Patchstack Alliance)