MidnightBSD

Advisories for commentluv

CVE-2013-1409 MEDIUM

Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
commentluv commentluv 2.768
commentluv commentluv 2.81.8
commentluv commentluv 2.90.9.9.3
commentluv commentluv 2.90.6
commentluv commentluv 2.90.9.2
commentluv commentluv 2.90.9.9.2
commentluv commentluv 2.92
commentluv commentluv 2.92.2
commentluv commentluv 2.90.9.9.1
commentluv commentluv 2.766
commentluv commentluv 2.81.2
commentluv commentluv 2.81.7
commentluv commentluv 2.90.9.4
commentluv commentluv 2.761
commentluv commentluv 2.765
commentluv commentluv 2.90.8.3
commentluv commentluv 2.81.1
commentluv commentluv 2.90.3
commentluv commentluv 2.90.8.2
commentluv commentluv 2.91
commentluv commentluv 2.7691
commentluv commentluv 2.71
commentluv commentluv 2.767
commentluv commentluv *
commentluv commentluv 2.92.1
commentluv commentluv 2.90.9.1
commentluv commentluv 2.81.6
commentluv commentluv 2.762
commentluv commentluv 2.90.9.7
commentluv commentluv 2.81.3
commentluv commentluv 2.90.9.8
commentluv commentluv 2.764
commentluv commentluv 2.90.9
commentluv commentluv 2.76
commentluv commentluv 2.90.1
commentluv commentluv 2.81.4
commentluv commentluv 2.81.5
commentluv commentluv 2.90.7
commentluv commentluv 2.90.9.5
commentluv commentluv 2.90.8.1
commentluv commentluv 2.90.8
commentluv commentluv 2.7
commentluv commentluv 2.81
commentluv commentluv 2.74
commentluv commentluv 2.763
commentluv commentluv 2.769
commentluv commentluv 2.90.9.3
commentluv commentluv 2.90.9.9
commentluv commentluv 2.90.9.6
commentluv commentluv 2.91.1
commentluv commentluv 2.90.5
commentluv commentluv 2.80