WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability
CVSS 3.1 score
Not reported to be exploited
Comment Engine Pro
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Requires editor or higher role user authentication.
Patchstack vPatch available since
Stored Cross-Site Scripting (XSS) vulnerability discovered by John Castro (Pagely) in WordPress Comment Engine Pro plugin (versions <= 1.0).
Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available for download. Reason: Security Issue.