Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2021-4227
HistoryJan 16, 2024 - 3:52 p.m.

CVE-2021-4227 Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment

2024-01-1615:52:25
WPScan
www.cve.org
cve-2021-4227
ark comment editor
iframe injection
wordpress plugin
source editor
arbitrary content

0.0005 Low

EPSS

Percentile

17.0%

JSON

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "ark-commenteditor",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "2.15.6"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

patchstack 1
cve 1
nvd 1
prion 1
patchstack
patchstack
WordPress Ark-commenteditor plugin <= 2.15.6 - Iframe Injection via Comment vulnerability
2021-09-23 00:00:00
cve
cve
CVE-2021-4227
2024-01-16 16:15:09
nvd
nvd
CVE-2021-4227
2024-01-16 16:15:09
prion
prion
Code injection
2024-01-16 16:15:00

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for CVELIST:CVE-2021-4227
patchstack1cve1nvd1prion1