Unauthenticated Attackers Can Use HTML Injection in wpDiscuz Plugin for WordPress
CVE-2024-6704
6.1MEDIUM
What is CVE-2024-6704?
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled.