WordPress Plugin Vulnerabilities

Commentator <= 2.5.2 - Reflected Cross-Site Scripting (XSS)

Description

The commentator WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
commentator
Fixed in 2.5.3

References

URL
https://packetstormsecurity.com/files/#135237/
URL
https://web.archive.org/web/20160322123918/https://permalink.gmane.org/gmane.comp.security.oss.general/18569
URL
https://codecanyon.net/item/commentator-wordpress-plugin/6425752

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
bc3d05a7-7494-42d3-b3b1-bd6686a3b20a

Timeline

Publicly Published
2016-01-13 (about 10 years ago)
Added
2016-01-13 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2026-02-02
Title
LatePoint < 5.2.6 - Unauthenticated Stored XSS
Published
2022-12-06
Title
WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS
Published
2023-08-14
Title
WebLibrarian <= 3.5.8.4 - Reflected XSS
Published
2024-09-30
Title
Custom Banners <= 3.3 - Reflected Cross-Site Scripting
Published
2025-04-10
Title
DN Shipping by Weight for WooCommerce < 1.2.1 - Reflected Cross-Site Scripting