CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45634 – WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45634
11 Oct 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <= 5.0.4 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Biztechc Copy or Move Comments en versiones <= 5.0.4. The Copy Or Move Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ... • https://patchstack.com/database/vulnerability/copy-or-move-comments/wordpress-copy-or-move-comments-plugin-5-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28748 – WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-28748
03 Oct 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Biztechc Copy or Move Comments permite la inyección SQL. Este problema afecta Copy or Move Comments: desde n/a hasta 5.0.4. The Copy Or Move Comments plugin for WordPress... • https://patchstack.com/database/vulnerability/copy-or-move-comments/wordpress-copy-or-move-comments-plugin-5-0-4-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4295 – Show All Comments < 7.0.1 - Reflected XSS
https://notcve.org/view.php?id=CVE-2022-4295
23 Dec 2022 — The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. El complemento Show all comments de WordPress anterior a 7.0.1 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera un Cross-Site Scripting reflejado entre sitios que podría usarse contra usuarios registrados con privilegios elevad... • https://wpscan.com/vulnerability/4ced1a4d-0c1f-42ad-8473-241c68b92b56 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •