Unauthenticated Attackers Can Use HTML Injection in wpDiscuz Plugin for WordPress
CVE-2024-6704

6.1MEDIUM

Key Information:

Vendor

Wordpress

Status
Vendor
CVE Published:
2 August 2024

What is CVE-2024-6704?

The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.