Gvectors: >> Wpdiscuz >> 7.4.1 Security Vulnerabilities
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-11-06
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-10-20
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-10-20
Page 2