CVE-2022-43492 Auth

CVE-2022-43492 Auth

This issue exists because the plugin does not sanitize user-supplied comments before displaying them on a public website.

Thus, a hacker can inject HTML code into a comment that redirects the victim visitor to another website or injects JavaScript code to steal cookie information or carry out phishing activities. If you are using the wpDiscuz plugin on your website, update the plugin as soon as possible to remove this vulnerability.

Summary of wpDiscuz

Plugin Vulnerability
A vulnerability was found in an online WordPress plugin. This issue exists because the plugin does not sanitize user-supplied comments before displaying them on a public website. Thus, a hacker can inject HTML code into a comment that redirects the victim visitor to another website or injects JavaScript code to steal cookie information or carry out phishing activities. If you are using the wpDiscuz plugin on your website, update the plugin as soon as possible to remove this vulnerability.

Summary of wpDiscuz WordPress Plugin Vulnerability

The wpDiscuz WordPress plugin has a vulnerability that allows users to inject HTML code into a comment before it is displayed on a public website. The attacker can steal cookie information or carry out phishing activities, and the plugin does not sanitize the contents of user-supplied comments before displaying them on the public website. In order to prevent this vulnerability, update your wpDiscuz WordPress plugin as soon as possible.

This issue was fixed in version 2.1.4 released two weeks after CVE-2022-43492 was reported

CVE-2023-43495

This issue exists because the plugin does not sanitize user-supplied comments before displaying them on a public website.

A hacker can inject HTML code into a comment that redirects the victim visitor to another website or injects JavaScript code to steal cookie information or carry out phishing activities. If you are using the wpDiscuz plugin on your website, update the plugin as soon as possible to remove this vulnerability.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe