The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2024-47748 | The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 05 Jun 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gvectors
Gvectors wpdiscuz |
|
CPEs | cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Gvectors
Gvectors wpdiscuz |

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2024-08-02T15:30:39.774Z
Reserved: 2024-07-11T20:24:28.981Z
Link: CVE-2024-6704

No data.

Status : Analyzed
Published: 2024-08-02T11:16:43.747
Modified: 2025-06-05T16:38:43.267
Link: CVE-2024-6704

No data.

No data.