
CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Nov 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions. The Comments Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This m... • https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions. The Comments Ratings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.7. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function vi... • https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions. The Comments Ratings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on the run() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.... • https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)