CPE-410D08AB-E993-4F5F-8766-91E8E732EB86 Detail

CPE Details

gVectors wpDiscuz 7.4.2 for WordPress

Vendor

gvectors

Product

wpdiscuz

Version

7.4.2

Created

2022-11-22
18h43 +00:00

Modified

2022-12-02
17h22 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:gvectors:wpdiscuz:7.4.2:::::wordpress::

Informations

Vendor

gvectors

Product

wpdiscuz

Version

7.4.2

Target Software

wordpress

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-9488	2024-10-25 05h35 +00:00	The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.	9.8	Critical
CVE-2024-35681	2024-06-08 15h00 +00:00	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18.	6.5	Medium
CVE-2023-51691	2024-02-01 10h57 +00:00	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12.	5.9	Medium
CVE-2023-46311	2023-12-20 13h32 +00:00	Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3.	6.5	Medium
CVE-2023-47775	2023-11-22 18h23 +00:00	Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.	8.8	High
CVE-2023-47185	2023-11-06 10h56 +00:00	Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.	6.1	Medium
CVE-2023-3869	2023-10-20 07h29 +00:00	The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.	5.3	Medium
CVE-2023-3998	2023-10-20 07h29 +00:00	The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.	5.3	Medium
CVE-2022-43492	2022-11-18 22h08 +00:00	Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.	8.8	High

gVectors wpDiscuz 7.4.2 for WordPress

CPE Details

CPE Name: cpe:2.3:a:gvectors:wpdiscuz:7.4.2:*:*:*:*:wordpress:*:*

Informations

Vendor

Product

Version

Target Software

Related CVE

CPE Name: cpe:2.3:a:gvectors:wpdiscuz:7.4.2:::::wordpress::