CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45634 – WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45634
11 Oct 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <= 5.0.4 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Biztechc Copy or Move Comments en versiones <= 5.0.4. The Copy Or Move Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ... • https://patchstack.com/database/vulnerability/copy-or-move-comments/wordpress-copy-or-move-comments-plugin-5-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28748 – WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-28748
03 Oct 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Biztechc Copy or Move Comments permite la inyección SQL. Este problema afecta Copy or Move Comments: desde n/a hasta 5.0.4. The Copy Or Move Comments plugin for WordPress... • https://patchstack.com/database/vulnerability/copy-or-move-comments/wordpress-copy-or-move-comments-plugin-5-0-4-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •