cleantalk
Vulnerabilities and Security Researches

Custom Comment, CVE-2025-49889

CVE, Research URL

CVE-2025-49889

Home page URL

Security reports for Custom Comment

Application

Custom Comment

Published on
Aug 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6.
Affected versions
Min -, max 2.1.6.
Status
vulnerable
Previous vulnerability researches
Premium Seo Pack – Light Version (af828e4140f0a41b14b20395e5a6db7eedd6f57d) , Jun 06, 2024
New vulnerability
PHP Compatibility Checker , Aug 21, 2025
Infility Global (CVE-2025-47650) , Aug 21, 2025
Contact Manager (CVE-2025-8783) , Aug 21, 2025
Custom Comment (CVE-2025-49889) , Aug 20, 2025
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2025-53340) , Aug 20, 2025