CVE-2013-1409: XSS
First published: Mon Mar 03 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Commentluv | <=2.92.3 | |
| Commentluv | =2.7 | |
| Commentluv | =2.71 | |
| Commentluv | =2.74 | |
| Commentluv | =2.76 | |
| Commentluv | =2.80 | |
| Commentluv | =2.81 | |
| Commentluv | =2.81.1 | |
| Commentluv | =2.81.2 | |
| Commentluv | =2.81.3 | |
| Commentluv | =2.81.4 | |
| Commentluv | =2.81.5 | |
| Commentluv | =2.81.6 | |
| Commentluv | =2.81.7 | |
| Commentluv | =2.81.8 | |
| Commentluv | =2.90.1 | |
| Commentluv | =2.90.3 | |
| Commentluv | =2.90.5 | |
| Commentluv | =2.90.6 | |
| Commentluv | =2.90.7 | |
| Commentluv | =2.90.8 | |
| Commentluv | =2.90.8.1 | |
| Commentluv | =2.90.8.2 | |
| Commentluv | =2.90.8.3 | |
| Commentluv | =2.90.9 | |
| Commentluv | =2.90.9.1 | |
| Commentluv | =2.90.9.2 | |
| Commentluv | =2.90.9.3 | |
| Commentluv | =2.90.9.4 | |
| Commentluv | =2.90.9.5 | |
| Commentluv | =2.90.9.6 | |
| Commentluv | =2.90.9.7 | |
| Commentluv | =2.90.9.8 | |
| Commentluv | =2.90.9.9 | |
| Commentluv | =2.90.9.9.1 | |
| Commentluv | =2.90.9.9.2 | |
| Commentluv | =2.90.9.9.3 | |
| Commentluv | =2.91 | |
| Commentluv | =2.91.1 | |
| Commentluv | =2.92 | |
| Commentluv | =2.92.1 | |
| Commentluv | =2.92.2 | |
| Commentluv | =2.761 | |
| Commentluv | =2.762 | |
| Commentluv | =2.763 | |
| Commentluv | =2.764 | |
| Commentluv | =2.765 | |
| Commentluv | =2.766 | |
| Commentluv | =2.767 | |
| Commentluv | =2.768 | |
| Commentluv | =2.769 | |
| Commentluv | =2.7691 | |
| WordPress | ||
| All of | ||
| Any of | ||
| Commentluv | <=2.92.3 | |
| Commentluv | =2.7 | |
| Commentluv | =2.71 | |
| Commentluv | =2.74 | |
| Commentluv | =2.76 | |
| Commentluv | =2.80 | |
| Commentluv | =2.81 | |
| Commentluv | =2.81.1 | |
| Commentluv | =2.81.2 | |
| Commentluv | =2.81.3 | |
| Commentluv | =2.81.4 | |
| Commentluv | =2.81.5 | |
| Commentluv | =2.81.6 | |
| Commentluv | =2.81.7 | |
| Commentluv | =2.81.8 | |
| Commentluv | =2.90.1 | |
| Commentluv | =2.90.3 | |
| Commentluv | =2.90.5 | |
| Commentluv | =2.90.6 | |
| Commentluv | =2.90.7 | |
| Commentluv | =2.90.8 | |
| Commentluv | =2.90.8.1 | |
| Commentluv | =2.90.8.2 | |
| Commentluv | =2.90.8.3 | |
| Commentluv | =2.90.9 | |
| Commentluv | =2.90.9.1 | |
| Commentluv | =2.90.9.2 | |
| Commentluv | =2.90.9.3 | |
| Commentluv | =2.90.9.4 | |
| Commentluv | =2.90.9.5 | |
| Commentluv | =2.90.9.6 | |
| Commentluv | =2.90.9.7 | |
| Commentluv | =2.90.9.8 | |
| Commentluv | =2.90.9.9 | |
| Commentluv | =2.90.9.9.1 | |
| Commentluv | =2.90.9.9.2 | |
| Commentluv | =2.90.9.9.3 | |
| Commentluv | =2.91 | |
| Commentluv | =2.91.1 | |
| Commentluv | =2.92 | |
| Commentluv | =2.92.1 | |
| Commentluv | =2.92.2 | |
| Commentluv | =2.761 | |
| Commentluv | =2.762 | |
| Commentluv | =2.763 | |
| Commentluv | =2.764 | |
| Commentluv | =2.765 | |
| Commentluv | =2.766 | |
| Commentluv | =2.767 | |
| Commentluv | =2.768 | |
| Commentluv | =2.769 | |
| Commentluv | =2.7691 | |
| WordPress |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1409?
CVE-2013-1409 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2013-1409?
To fix CVE-2013-1409, upgrade the CommentLuv plugin to version 2.92.4 or later.
What software is affected by CVE-2013-1409?
CVE-2013-1409 affects the CommentLuv plugin versions prior to 2.92.4 for WordPress.
Can CVE-2013-1409 be exploited remotely?
Yes, CVE-2013-1409 allows remote attackers to exploit the vulnerability through crafted scripts.
What type of vulnerability is CVE-2013-1409?
CVE-2013-1409 is a cross-site scripting (XSS) vulnerability that enables the injection of arbitrary web scripts or HTML.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/commentluv
- canonical/commentluv
- version/commentluv/2.92.3
- version/commentluv/2.7
- version/commentluv/2.71
- version/commentluv/2.74
- version/commentluv/2.76
- version/commentluv/2.80
- version/commentluv/2.81
- version/commentluv/2.81.1
- version/commentluv/2.81.2
- version/commentluv/2.81.3
- version/commentluv/2.81.4
- version/commentluv/2.81.5
- version/commentluv/2.81.6
- version/commentluv/2.81.7
- version/commentluv/2.81.8
- version/commentluv/2.90.1
- version/commentluv/2.90.3
- version/commentluv/2.90.5
- version/commentluv/2.90.6
- version/commentluv/2.90.7
- version/commentluv/2.90.8
- version/commentluv/2.90.8.1
- version/commentluv/2.90.8.2
- version/commentluv/2.90.8.3
- version/commentluv/2.90.9
- version/commentluv/2.90.9.1
- version/commentluv/2.90.9.2
- version/commentluv/2.90.9.3
- version/commentluv/2.90.9.4
- version/commentluv/2.90.9.5
- version/commentluv/2.90.9.6
- version/commentluv/2.90.9.7
- version/commentluv/2.90.9.8
- version/commentluv/2.90.9.9
- version/commentluv/2.90.9.9.1
- version/commentluv/2.90.9.9.2
- version/commentluv/2.90.9.9.3
- version/commentluv/2.91
- version/commentluv/2.91.1
- version/commentluv/2.92
- version/commentluv/2.92.1
- version/commentluv/2.92.2
- version/commentluv/2.761
- version/commentluv/2.762
- version/commentluv/2.763
- version/commentluv/2.764
- version/commentluv/2.765
- version/commentluv/2.766
- version/commentluv/2.767
- version/commentluv/2.768
- version/commentluv/2.769
- version/commentluv/2.7691
- vendor/wordpress
- canonical/wordpress