Skip to main content

Anycomment

2 CVEs product

Monthly

CVE-2022-0279 LOW POC Monitor

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure Anycomment
NVD WPScan
CVSS 3.1
3.1
EPSS
0.5%
CVE-2022-0134 HIGH POC This Week

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Anycomment
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
EPSS 0% CVSS 3.1
LOW POC Monitor

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure +1
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Anycomment
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy