Vulnerabilities > Gvectors > Wpdiscuz

DATE CVE VULNERABILITY TITLE RISK
2024-06-08 CVE-2024-35681 Cross-site Scripting vulnerability in Gvectors Wpdiscuz
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18.
network
low complexity
gvectors CWE-79
5.4
5.4
2024-02-01 CVE-2023-51691 Cross-site Scripting vulnerability in Gvectors Wpdiscuz
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12.
network
low complexity
gvectors CWE-79
4.8
4.8
2023-12-20 CVE-2023-46311 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3.
network
low complexity
gvectors CWE-639
6.5
6.5
2023-11-22 CVE-2023-47775 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpdiscuz
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
network
low complexity
gvectors CWE-352
8.8
8.8
2023-11-06 CVE-2023-47185 Cross-site Scripting vulnerability in Gvectors Wpdiscuz
Unauth.
network
low complexity
gvectors CWE-79
6.1
6.1
2023-10-20 CVE-2023-3869 Missing Authorization vulnerability in Gvectors Wpdiscuz
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3.
network
low complexity
gvectors CWE-862
5.3
5.3
2023-10-20 CVE-2023-3998 Missing Authorization vulnerability in Gvectors Wpdiscuz
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3.
network
low complexity
gvectors CWE-862
5.3
5.3
2022-11-18 CVE-2022-43492 Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz 7.4.2
Auth.
network
low complexity
gvectors CWE-639
8.8
8.8
2022-02-21 CVE-2022-23984 Information Exposure vulnerability in Gvectors Wpdiscuz
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
network
low complexity
gvectors CWE-200
5.0
5.0
2021-11-08 CVE-2021-24806 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpdiscuz
The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack.
network
gvectors CWE-352
4.3
4.3