This issue exists because the plugin does not sanitize user-supplied comments before displaying them on a public website.

Thus, an attacker can inject HTML into a comment that redirects the visiting victim to another website, or JavaScript that steals cookie information or carries out phishing. If you are using the wpDiscuz plugin on your website, update the plugin as soon as possible to remove this vulnerability.

Summary of wpDiscuz Plugin Vulnerability
A vulnerability was found in an online WordPress plugin.

Summary of wpDiscuz WordPress Plugin Vulnerability

The wpDiscuz WordPress plugin has a vulnerability that allows users to inject HTML code into a comment that is then displayed on a public website. Because the plugin does not sanitize the contents of user-supplied comments before displaying them, an attacker can steal cookie information or carry out phishing activities. To prevent this vulnerability, update your wpDiscuz WordPress plugin as soon as possible.
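To show the pattern behind this class of bug, here is an added PHP example (not wpDiscuz code; the function names and the sample comment are constructed): the comment body echoed raw, beside the same rendering with output encoding.

```php
<?php
// Added example, not code from the wpDiscuz plugin.
// Constructed sample comment: the vulnerable renderer treats its HTML as markup.
$comment = 'Nice post! <a href="https://example.invalid/login">see more</a>'
         . '<img src="x" onerror="alert(1)">';

// Vulnerable pattern (hypothetical name): the stored comment is echoed into the
// page without output encoding, so any tag or attribute the commenter wrote runs.
function render_comment_unsafe(string $body): string {
    return '<div class="comment">' . $body . '</div>';
}

// Hardened pattern (hypothetical name): encode on output so the browser shows
// the comment as text; the <img> and its onerror handler become inert characters.
function render_comment_safe(string $body): string {
    $escaped = htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="comment">' . $escaped . '</div>';
}

// In a real WordPress plugin that must allow limited formatting, use the core
// allowlist filter wp_kses_post($body) (or wp_kses() with an explicit tag and
// attribute list) instead of a blanket escape: it drops event-handler attributes
// and javascript: URLs, which strip_tags() with an allowed-tags list does not.

echo render_comment_unsafe($comment), PHP_EOL;
echo render_comment_safe($comment), PHP_EOL;
```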

This issue was fixed in version 2.1.4, released two weeks after CVE-2022-43492 was reported.

CVE-2023-43495


Timeline

Published on: 11/18/2022 23:15:00 UTC
Last modified on: 11/22/2022 20:48:00 UTC
