cleantalk
Vulnerabilities and Security Researches

Custom Comment, CVE-2025-49889

CVE, Research URL

CVE-2025-49889

Home page URL

Security reports for Custom Comment

Application

Custom Comment

Published on
Aug 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6.
Affected versions
Min -, max 2.1.6.
Status
vulnerable
Previous vulnerability researches
LJ Custom Menu Links (CVE-2025-23881) , Mar 05, 2025
Custom Menu (CVE-2025-49436) , Aug 20, 2025
New vulnerability
WP Activity Log , Aug 21, 2025
Online Booking & Scheduling Calendar for WordPress by vcita (CVE-2025-54677) , Aug 21, 2025
Superb Addons – WordPress Editor Blocks & Patterns and Elementor Sections & Elements , Aug 21, 2025
PHP Compatibility Checker , Aug 21, 2025
Infility Global (CVE-2025-47650) , Aug 21, 2025