ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS

Product
WP Advanced Comment
Description
Because of this persistent XSS vulnerability, an attacker can change the value of "name="comment[meta_value]" " parameter.
Solution
Upgrade the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 0.10
Fixed In 0.11
Disclosure date
2016-03-10
Credits
Mohammad Khaleghi