EUVD-2026-24642
GHSA-39pg-69jq-6vx9
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization (no sanitize callback on register_setting) and missing output escaping (no esc_attr() on the echoed value in the input's value attribute). The option value is stored via update_option() and rendered unescaped in an HTML attribute context. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in the settings page that will execute whenever a user accesses that page. This is particularly impactful in WordPress multisite installations or when DISALLOW_UNFILTERED_HTML is set, where administrators are not granted the unfiltered_html capability.
AnalysisAI
Stored Cross-Site Scripting in Short Comment Filter WordPress plugin up to version 2.2 allows authenticated administrators to inject arbitrary JavaScript through the 'Minimum Count' settings field due to missing input sanitization and output escaping. The vulnerability affects all versions through 2.2 and has particular impact in WordPress multisite environments or when DISALLOW_UNFILTERED_HTML is configured, where administrators lack unfiltered_html capabilities. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today