CVE-2013-1409
Summary
| CVE | CVE-2013-1409 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-03-03 16:55:03 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php. |
Risk And Classification
Primary CVSS: v2.0 4.3 from [email protected]
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.033770000 probability, percentile 0.874300000 (date 2026-05-05)
Problem Types: CWE-79 | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Commentluv | Commentluv | 2.7 | All | All | All |
| Application | Commentluv | Commentluv | 2.71 | All | All | All |
| Application | Commentluv | Commentluv | 2.74 | All | All | All |
| Application | Commentluv | Commentluv | 2.76 | All | All | All |
| Application | Commentluv | Commentluv | 2.761 | All | All | All |
| Application | Commentluv | Commentluv | 2.762 | All | All | All |
| Application | Commentluv | Commentluv | 2.763 | All | All | All |
| Application | Commentluv | Commentluv | 2.764 | All | All | All |
| Application | Commentluv | Commentluv | 2.765 | All | All | All |
| Application | Commentluv | Commentluv | 2.766 | All | All | All |
| Application | Commentluv | Commentluv | 2.767 | All | All | All |
| Application | Commentluv | Commentluv | 2.768 | All | All | All |
| Application | Commentluv | Commentluv | 2.769 | All | All | All |
| Application | Commentluv | Commentluv | 2.7691 | All | All | All |
| Application | Commentluv | Commentluv | 2.80 | All | All | All |
| Application | Commentluv | Commentluv | 2.81 | All | All | All |
| Application | Commentluv | Commentluv | 2.81.1 | All | All | All |
| Application | Commentluv | Commentluv | 2.81.2 | All | All | All |
| Application | Commentluv | Commentluv | 2.81.3 | All | All | All |
| Application | Commentluv | Commentluv | 2.81.4 | All | All | All |
| Application | Commentluv | Commentluv | 2.81.5 | All | All | All |
| Application | Commentluv | Commentluv | 2.81.6 | All | All | All |
| Application | Commentluv | Commentluv | 2.81.7 | All | All | All |
| Application | Commentluv | Commentluv | 2.81.8 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.1 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.3 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.5 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.6 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.7 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.8 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.8.1 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.8.2 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.8.3 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.1 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.2 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.3 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.4 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.5 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.6 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.7 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.8 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.9 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.9.1 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.9.2 | All | All | All |
| Application | Commentluv | Commentluv | 2.90.9.9.3 | All | All | All |
| Application | Commentluv | Commentluv | 2.91 | All | All | All |
| Application | Commentluv | Commentluv | 2.91.1 | All | All | All |
| Application | Commentluv | Commentluv | 2.92 | All | All | All |
| Application | Commentluv | Commentluv | 2.92.1 | All | All | All |
| Application | Commentluv | Commentluv | 2.92.2 | All | All | All |
| Application | Commentluv | Commentluv | All | All | All | All |
| Application | Wordpress | Wordpress | - | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| archives.neohapsis.com/archives/bugtraq/2013-02/0031.html | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Exploit |
| WordPress CommentLuv 2.92.3 Cross Site Scripting ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit |
| File Not Found | af854a3a-2127-422b-91ae-364da2661108 | www.htbridge.com | Exploit |
| osvdb.org/89925 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| WordPress › CommentLuv « WordPress Plugins | af854a3a-2127-422b-91ae-364da2661108 | wordpress.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.