Vulnerabilities and security researches forfree-comments-for-wordpress-vuukle free-comments-for-wordpress-vuukle

Jun 07, 2024

CVE, Research URL: CVE-2021-4427
Home page URL: Security reports for Vuukle Comments, Reactions, Share Bar, Revenue
Application: Vuukle Comments, Reactions, Share Bar, Revenue
Date: Jul 12, 2023
Research Description: The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php file. This makes it possible for unauthenticated attackers to edit the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 4.0.
Status: vulnerable

CVE, Research URL: b77bc82519876c41f8d608a40b61521384622036
Home page URL: Security reports for Vuukle Comments, Reactions, Share Bar, Revenue
Application: Vuukle Comments, Reactions, Share Bar, Revenue
Date: Jul 05, 2021
Research Description: Vuukle – Comments, Reactions, Quizzes, Share Bar & Ad Revenue [free-comments-for-wordpress-vuukle] < 4.0.1 WordPress Vuukle Comments, Reactions, Share Bar, Revenue plugin <= 3.4.31 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Vuukle Comments, Reactions, Share Bar, Revenue plugin (versions <= 3.4.31)
Affected versions: max 4.0.1.
Status: vulnerable

CVE, Research URL: -
Home page URL: Security reports for Vuukle Comments, Reactions, Share Bar, Revenue
Application: Vuukle Comments, Reactions, Share Bar, Revenue
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: max 4.0.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: e03420c55099714ac90da016761d318e5e1cb6db
Home page URL: Security reports for Vuukle Comments, Reactions, Share Bar, Revenue
Application: Vuukle Comments, Reactions, Share Bar, Revenue
Date: -
Research Description: Vuukle – Comments, Reactions, Quizzes, Share Bar & Ad Revenue [free-comments-for-wordpress-vuukle] < 4.0 Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.
Affected versions: max 4.0.
Status: vulnerable

CVE, Research URL: 20851a18-8309-4405-b85c-acaa047effa7
Home page URL: Security reports for Vuukle Comments, Reactions, Share Bar, Revenue
Application: Vuukle Comments, Reactions, Share Bar, Revenue
Date: -
Research Description: Vuukle – Comments, Reactions, Quizzes, Share Bar & Ad Revenue [free-comments-for-wordpress-vuukle] < 4.0 CSRF Bypass in Multiple Plugins Multiple plugins are affected by CSRF bypass as they do not properly check for the nonce due to a logic flaw. This could allow attackers to make logged in users do unwanted actions
Affected versions: max 4.0.
Status: vulnerable