cleantalk
Vulnerabilities and Security Researches

AnyComment, CVE-2021-24838

CVE, Research URL

CVE-2021-24838

Home page URL

Security reports for AnyComment

Application

AnyComment

Published on
Jan 17, 2022
Research Description
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
Affected versions
max 0.3.5.
Status
vulnerable
Previous vulnerability researches
AnyComment (CVE-2021-24838) , Jun 07, 2024
AnyComment (CVE-2022-0279) , Jun 07, 2024
AnyComment (CVE-2018-21001) , Jun 07, 2024
AnyComment (CVE-2022-0134) , Jun 07, 2024
AnyComment (CVE-2025-60240) , Nov 10, 2025
New vulnerability
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer (CVE-2025-62048) , Nov 11, 2025
Team Member Showcase Staff List Plugin – Employee Spotlight (CVE-2025-12090) , Nov 11, 2025
WPeMatico RSS Feed Fetcher (CVE-2025-49922) , Nov 11, 2025
Cost Calculator Builder (CVE-2025-9243) , Nov 11, 2025
Off-Canvas Sidebars & Menus (Slidebars) (CVE-2025-62891) , Nov 11, 2025