Bologer

bologer

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-0279 1Bologer 1Anycomment Jun 17, 2026 Feb 21, 2022 N/A· v4 3.1 LOW· v3 3.5 LOW· v2 The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other use...Show more The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other usersShow less
CVE-2022-0134 1Bologer 1Anycomment Jun 17, 2026 Feb 21, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
CVE-2021-24838 1Bologer 1Anycomment Jun 17, 2026 Jan 17, 2022 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which ac...Show more The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.Show less
CVE-2018-21001 1Bologer 1Anycomment Nov 21, 2024 Aug 27, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The anycomment plugin before 0.0.33 for WordPress has XSS.