Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8
CVE-2021-24737
- EPSS 0.21%
- Veröffentlicht 11.10.2021 11:15:09
- Zuletzt bearbeitet 21.11.2024 05:53:39
The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks eve...
- EPSS 94.21%
- Veröffentlicht 24.08.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:14:28
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
9.8
CVE-2020-13640
- EPSS 73.95%
- Veröffentlicht 18.06.2020 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:39
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)