
CVE-2023-49159 – WordPress CommentLuv Plugin <= 3.0.4 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-49159
28 Nov 2023 — Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv. This issue affects CommentLuv: from n/a through 3.0.4. The CommentLuv plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.4 via the do_click function. This makes it possible for unauthenticated attackers to make web... • https://patchstack.com/database/vulnerability/commentluv/wordpress-commentluv-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2013-1409 – CommentLuv < 2.92.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-1409
06 Feb 2013 — Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php. The CommentLuv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v... • https://www.exploit-db.com/exploits/38296 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •