CVE-2013-1409

Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
commentluvcommentluv
𝑥
≤ 2.92.3
commentluvcommentluv
2.7
commentluvcommentluv
2.71
commentluvcommentluv
2.74
commentluvcommentluv
2.76
commentluvcommentluv
2.80
commentluvcommentluv
2.81
commentluvcommentluv
2.81.1
commentluvcommentluv
2.81.2
commentluvcommentluv
2.81.3
commentluvcommentluv
2.81.4
commentluvcommentluv
2.81.5
commentluvcommentluv
2.81.6
commentluvcommentluv
2.81.7
commentluvcommentluv
2.81.8
commentluvcommentluv
2.90.1
commentluvcommentluv
2.90.3
commentluvcommentluv
2.90.5
commentluvcommentluv
2.90.6
commentluvcommentluv
2.90.7
commentluvcommentluv
2.90.8
commentluvcommentluv
2.90.8.1
commentluvcommentluv
2.90.8.2
commentluvcommentluv
2.90.8.3
commentluvcommentluv
2.90.9
commentluvcommentluv
2.90.9.1
commentluvcommentluv
2.90.9.2
commentluvcommentluv
2.90.9.3
commentluvcommentluv
2.90.9.4
commentluvcommentluv
2.90.9.5
commentluvcommentluv
2.90.9.6
commentluvcommentluv
2.90.9.7
commentluvcommentluv
2.90.9.8
commentluvcommentluv
2.90.9.9
commentluvcommentluv
2.90.9.9.1
commentluvcommentluv
2.90.9.9.2
commentluvcommentluv
2.90.9.9.3
commentluvcommentluv
2.91
commentluvcommentluv
2.91.1
commentluvcommentluv
2.92
commentluvcommentluv
2.92.1
commentluvcommentluv
2.92.2
commentluvcommentluv
2.761
commentluvcommentluv
2.762
commentluvcommentluv
2.763
commentluvcommentluv
2.764
commentluvcommentluv
2.765
commentluvcommentluv
2.766
commentluvcommentluv
2.767
commentluvcommentluv
2.768
commentluvcommentluv
2.769
commentluvcommentluv
2.7691
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-02/0031.html
http://osvdb.org/89925
http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html
http://wordpress.org/plugins/commentluv/changelog
https://www.htbridge.com/advisory/HTB23138
http://archives.neohapsis.com/archives/bugtraq/2013-02/0031.html
http://osvdb.org/89925
http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html
http://wordpress.org/plugins/commentluv/changelog
https://www.htbridge.com/advisory/HTB23138