Vulnerability CVE-2024-6704


Published: 2024-08-02

Description:
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled.

References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa3501a4-7975-4f90-8037-f8a06c293c07?source=cve
https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/class.WpdiscuzCore.php#L335
https://plugins.trac.wordpress.org/changeset/3124810/

Copyright 2026, cxsecurity.com

 
