The ark-commenteditor WordPress plugin through 2.15.6...
Moderate severity
Unreviewed
Published Jan 16, 2024 to the GitHub Advisory Database • Updated Jan 28, 2024
Description
Published by the National Vulnerability Database: Jan 16, 2024
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode comments when the Source editor is used, allowing attackers to inject an iframe into the page and thus load arbitrary content from any page into the comment section.
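The missing control described above is a server-side pass that re-encodes text and keeps only allowlisted markup. The following is an added example, not the plugin's code or its fix, written in Python for illustration; the allowlist, `sanitize_comment` and the sample comment are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for comment markup: tag -> attributes kept on that tag.
ALLOWED = {"a": {"href"}, "p": set(), "br": set(), "b": set(), "i": set(),
           "em": set(), "strong": set(), "code": set(), "blockquote": set()}
VOID = {"br"}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
# Constructed sample comment, as it might arrive from a source-mode editor.
SAMPLE = '<p>Hi</p><iframe src="https://example.invalid/page"></iframe>'

class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.dropped = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append(tag)  # iframe and other embedding tags end here
            return
        kept = ""
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue  # event handlers, style, width, etc. are discarded
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # only absolute http(s) and mailto links survive
            kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        if tag not in VOID:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open:  # close inner elements first so output stays balanced
            while self.open:
                closing = self.open.pop()
                self.out.append(f"</{closing}>")
                if closing == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always re-encoded

def sanitize_comment(html):
    """Return (safe_html, dropped_tags) for one submitted comment body."""
    parser = CommentSanitizer()
    parser.feed(html)
    parser.close()
    parser.out.extend(f"</{t}>" for t in reversed(parser.open))
    return "".join(parser.out), parser.dropped
```

The second return value lists the tags that were stripped, which can be logged to spot comments that attempted to embed external content.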