Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.
2014-03-03T16:55:03.677
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | commentluv | commentluv | ≤ 2.92.3 | Yes |
| Application | commentluv | commentluv | 2.7 | Yes |
| Application | commentluv | commentluv | 2.71 | Yes |
| Application | commentluv | commentluv | 2.74 | Yes |
| Application | commentluv | commentluv | 2.76 | Yes |
| Application | commentluv | commentluv | 2.80 | Yes |
| Application | commentluv | commentluv | 2.81 | Yes |
| Application | commentluv | commentluv | 2.81.1 | Yes |
| Application | commentluv | commentluv | 2.81.2 | Yes |
| Application | commentluv | commentluv | 2.81.3 | Yes |
| Application | commentluv | commentluv | 2.81.4 | Yes |
| Application | commentluv | commentluv | 2.81.5 | Yes |
| Application | commentluv | commentluv | 2.81.6 | Yes |
| Application | commentluv | commentluv | 2.81.7 | Yes |
| Application | commentluv | commentluv | 2.81.8 | Yes |
| Application | commentluv | commentluv | 2.90.1 | Yes |
| Application | commentluv | commentluv | 2.90.3 | Yes |
| Application | commentluv | commentluv | 2.90.5 | Yes |
| Application | commentluv | commentluv | 2.90.6 | Yes |
| Application | commentluv | commentluv | 2.90.7 | Yes |
| Application | commentluv | commentluv | 2.90.8 | Yes |
| Application | commentluv | commentluv | 2.90.8.1 | Yes |
| Application | commentluv | commentluv | 2.90.8.2 | Yes |
| Application | commentluv | commentluv | 2.90.8.3 | Yes |
| Application | commentluv | commentluv | 2.90.9 | Yes |
| Application | commentluv | commentluv | 2.90.9.1 | Yes |
| Application | commentluv | commentluv | 2.90.9.2 | Yes |
| Application | commentluv | commentluv | 2.90.9.3 | Yes |
| Application | commentluv | commentluv | 2.90.9.4 | Yes |
| Application | commentluv | commentluv | 2.90.9.5 | Yes |
| Application | commentluv | commentluv | 2.90.9.6 | Yes |
| Application | commentluv | commentluv | 2.90.9.7 | Yes |
| Application | commentluv | commentluv | 2.90.9.8 | Yes |
| Application | commentluv | commentluv | 2.90.9.9 | Yes |
| Application | commentluv | commentluv | 2.90.9.9.1 | Yes |
| Application | commentluv | commentluv | 2.90.9.9.2 | Yes |
| Application | commentluv | commentluv | 2.90.9.9.3 | Yes |
| Application | commentluv | commentluv | 2.91 | Yes |
| Application | commentluv | commentluv | 2.91.1 | Yes |
| Application | commentluv | commentluv | 2.92 | Yes |
| Application | commentluv | commentluv | 2.92.1 | Yes |
| Application | commentluv | commentluv | 2.92.2 | Yes |
| Application | commentluv | commentluv | 2.761 | Yes |
| Application | commentluv | commentluv | 2.762 | Yes |
| Application | commentluv | commentluv | 2.763 | Yes |
| Application | commentluv | commentluv | 2.764 | Yes |
| Application | commentluv | commentluv | 2.765 | Yes |
| Application | commentluv | commentluv | 2.766 | Yes |
| Application | commentluv | commentluv | 2.767 | Yes |
| Application | commentluv | commentluv | 2.768 | Yes |
| Application | commentluv | commentluv | 2.769 | Yes |
| Application | commentluv | commentluv | 2.7691 | Yes |
| Application | wordpress | wordpress | - | No |