cleantalk
Vulnerabilities and Security Researches

Show All Comments, CVE-2022-4295

CVE, Research URL

CVE-2022-4295

Home page URL

Security reports for Show All Comments

Application

Show All Comments

Published on
Jan 16, 2023
Research Description
The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.
Affected versions
Min -, max 7.0.1.
Status
vulnerable
Previous vulnerability researches
Show All Comments (CVE-2025-47607) , May 09, 2025
Show All Comments (CVE-2022-4295) , Jun 07, 2024
New vulnerability
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-4206) , May 10, 2025
Top 10 – WordPress Popular posts by WebberZone (CVE-2025-47509) , May 09, 2025