Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-4227
HistoryJan 16, 2024 - 4:15 p.m.

Code injection

2024-01-1616:15:00
PRIOn knowledge base
www.prio-n.com
4
ark-commenteditor
source editor
iframe injection
arbitrary content

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section

CPENameOperatorVersion
ark_wysiwyg_comment_editorle2.15.6

Related

patchstack 1
cve 1
cvelist 1
nvd 1
patchstack
patchstack
WordPress Ark-commenteditor plugin <= 2.15.6 - Iframe Injection via Comment vulnerability
2021-09-23 00:00:00
cve
cve
CVE-2021-4227
2024-01-16 16:15:09
cvelist
cvelist
CVE-2021-4227 Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment
2024-01-16 15:52:25
nvd
nvd
CVE-2021-4227
2024-01-16 16:15:09

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for PRION:CVE-2021-4227
patchstack1cve1cvelist1nvd1