Description
WordPress Plugin Comment System for WordPress & Ajax Comments-Comment Press is prone to a cross-frame scripting vulnerability. Exploiting this issue may allow a remote attacker to steal user credentials from an unsuspecting user. This attack is usually successful only when combined with social engineering. WordPress Plugin Comment System for WordPress & Ajax Comments-Comment Press version 2.7.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.2 or latest
References
Related Vulnerabilities
MySQL CVE-2023-22079 Vulnerability (CVE-2023-22079)
Magento CVE-2022-34259 Vulnerability (CVE-2022-34259)
MySQL CVE-2015-0439 Vulnerability (CVE-2015-0439)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7892)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2009-4030)