cleantalk
Vulnerabilities and Security Researches

Comments – wpDiscuz, CVE-2024-6704

CVE, Research URL

CVE-2024-6704

Home page URL

Security reports for Comments – wpDiscuz

Application

Comments – wpDiscuz

Published on
Aug 02, 2024
Research Description
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled.
Affected versions
Min -, max 7.6.22.
Status
vulnerable
Previous vulnerability researches
Comments – wpDiscuz (CVE-2025-59591) , Oct 10, 2025
Comments – wpDiscuz (CVE-2023-46309) , Jun 10, 2024
Comments – wpDiscuz (CVE-2023-45760) , Jun 10, 2024
Comments – wpDiscuz (CVE-2024-35681) , Jun 09, 2024
Comments – wpDiscuz (CVE-2024-9488) , Oct 27, 2024
New vulnerability
Genealogical Tree – WordPress Family Tree (CVE-2025-58023) , Oct 12, 2025
WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click (CVE-2025-57967) , Oct 12, 2025
Mixtape (CVE-2025-9860) , Oct 12, 2025
Advanced Settings (CVE-2025-58996) , Oct 12, 2025
FancyTabs (CVE-2025-8560) , Oct 12, 2025