The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress had an issue with its security that left it vulnerable to attacks. This vulnerability was present in all versions up to 3.4.31 and was caused by a lack of proper validation of nonce in the file /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php. This vulnerability meant that attackers who were able to trick an administrator into clicking on a link could take control of the plugin’s settings.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Home » Vulnerabilities » Input validation vulnerability in Vuukle Comments, Reactions, Share Bar, Revenue 3.4.31
Latest
Passkeys: no need for Limit Login Attempts?
Configuring Really Simple Security with WP-CLI
How to Fix The “Link you followed has Expired” error on WordPress
404 not found errors
Protecting site visitors with Security Headers
Hardening your website’s security
Input validation vulnerability in Vuukle Comments, Reactions, Share Bar, Revenue 3.4.31
The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress had an issue with its security that left it vulnerable to attacks. This vulnerability was present in all versions up to 3.4.31 and was caused by a lack of proper validation of nonce in the file /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php. This vulnerability meant that attackers who were able to trick an administrator into clicking on a link could take control of the plugin’s settings.
Detected in:
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.