Vulnerability Details CVE-2021-4227
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.8%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2021-4227
-
cpe:2.3:a:obg:ark_wysiwyg_comment_editor:2.15.6