Gvectors

Wpdiscuz

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2023-46309

  • EPSS 0.1%
  • Veröffentlicht 02.01.2025 12:15:11
  • Zuletzt bearbeitet 29.05.2025 20:19:10

Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.10.

8.8

CVE-2023-45760

  • EPSS 0.37%
  • Veröffentlicht 02.01.2025 12:15:09
  • Zuletzt bearbeitet 29.05.2025 20:33:06

Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3.

9.8

CVE-2024-9488

  • EPSS 0.93%
  • Veröffentlicht 25.10.2024 06:15:13
  • Zuletzt bearbeitet 06.11.2024 14:57:04

The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible fo...

6.1

CVE-2024-6704

  • EPSS 8.43%
  • Veröffentlicht 02.08.2024 11:16:43
  • Zuletzt bearbeitet 05.06.2025 16:38:43

The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML s...

5.4

CVE-2024-35681

  • EPSS 0.16%
  • Veröffentlicht 08.06.2024 15:15:50
  • Zuletzt bearbeitet 21.11.2024 09:20:39

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18.

6.1

CVE-2023-46310

  • EPSS 0.24%
  • Veröffentlicht 04.06.2024 10:15:10
  • Zuletzt bearbeitet 29.05.2025 20:21:22

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10.

5.4

CVE-2024-2477

  • EPSS 0.11%
  • Veröffentlicht 23.04.2024 14:15:08
  • Zuletzt bearbeitet 05.06.2025 20:50:41

The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes i...

4.8

CVE-2023-51691

  • EPSS 0.05%
  • Veröffentlicht 01.02.2024 11:15:12
  • Zuletzt bearbeitet 21.11.2024 08:38:37

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12.

6.5

CVE-2023-46311

  • EPSS 0.07%
  • Veröffentlicht 20.12.2023 14:15:20
  • Zuletzt bearbeitet 21.11.2024 08:28:16

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3.

8.8

CVE-2023-47775

  • EPSS 0.07%
  • Veröffentlicht 22.11.2023 19:15:08
  • Zuletzt bearbeitet 21.11.2024 08:30:47

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.