Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role.
References
Link | Resource |
---|---|
https://patchstack.com/database/vulnerability/comment-engine-pro/wordpress-comment-engine-pro-plugin-1-0-stored-cross-site-scripting-xss-vulnerability | Third Party Advisory |
https://wordpress.org/plugins/comment-engine-pro/ | Product Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-12-10 17:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-36911
Mitre link : CVE-2021-36911
CVE.ORG link : CVE-2021-36911
JSON object : View
Products Affected
comment_engine_pro_project
- comment_engine_pro
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')