{"api_version":"1","generated_at":"2026-07-08T22:26:00+00:00","cve":"CVE-2013-1409","urls":{"html":"https://cve.report/CVE-2013-1409","api":"https://cve.report/api/cve/CVE-2013-1409.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-1409","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-1409"},"summary":{"title":"CVE-2013-1409","description":"Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.","state":"PUBLISHED","assigner":"mitre","published_at":"2014-03-03 16:55:03","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://archives.neohapsis.com/archives/bugtraq/2013-02/0031.html","name":"http://archives.neohapsis.com/archives/bugtraq/2013-02/0031.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html","name":"http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"WordPress CommentLuv 2.92.3 Cross Site Scripting ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.htbridge.com/advisory/HTB23138","name":"https://www.htbridge.com/advisory/HTB23138","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"File Not Found","mime":"text/html","httpstatus":"404","archivestatus":"403"},{"url":"http://osvdb.org/89925","name":"http://osvdb.org/89925","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://wordpress.org/plugins/commentluv/changelog","name":"http://wordpress.org/plugins/commentluv/changelog","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"WordPress › CommentLuv « WordPress Plugins","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-1409","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1409","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.71","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.74","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.76","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.761","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.762","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.763","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.764","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.765","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.766","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.767","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.768","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.769","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.7691","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.80","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.81.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.8.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.90.9.9.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.91","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.91.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.92","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.92.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"2.92.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"1","versionEndIncluding":"2.92.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"commentluv","cpe5":"commentluv","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1409","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wordpress","cpe5":"wordpress","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2013","cve_id":"1409","cve":"CVE-2013-1409","epss":"0.033770000","percentile":"0.874300000","score_date":"2026-05-05","updated_at":"2026-05-06 00:08:11"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T14:57:05.063Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://wordpress.org/plugins/commentluv/changelog"},{"name":"20130206 Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-02/0031.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.htbridge.com/advisory/HTB23138"},{"name":"89925","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/89925"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-02-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-03-03T15:57:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html"},{"tags":["x_refsource_MISC"],"url":"http://wordpress.org/plugins/commentluv/changelog"},{"name":"20130206 Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-02/0031.html"},{"tags":["x_refsource_MISC"],"url":"https://www.htbridge.com/advisory/HTB23138"},{"name":"89925","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/89925"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2013-1409","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html"},{"name":"http://wordpress.org/plugins/commentluv/changelog","refsource":"MISC","url":"http://wordpress.org/plugins/commentluv/changelog"},{"name":"20130206 Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin","refsource":"BUGTRAQ","url":"http://archives.neohapsis.com/archives/bugtraq/2013-02/0031.html"},{"name":"https://www.htbridge.com/advisory/HTB23138","refsource":"MISC","url":"https://www.htbridge.com/advisory/HTB23138"},{"name":"89925","refsource":"OSVDB","url":"http://osvdb.org/89925"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2013-1409","datePublished":"2014-03-03T16:00:00.000Z","dateReserved":"2013-01-19T00:00:00.000Z","dateUpdated":"2024-08-06T14:57:05.063Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-03-03 16:55:03","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.92.3","matchCriteriaId":"36AC3DC8-B92A-40B2-BFC7-681F867D5124"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.7:*:*:*:*:wordpress:*:*","matchCriteriaId":"636F95AC-AB76-40B3-800B-6E3553F4BD57"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.71:*:*:*:*:wordpress:*:*","matchCriteriaId":"6A160A4A-8CC5-4F9D-A933-C6874FE82E32"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.74:*:*:*:*:wordpress:*:*","matchCriteriaId":"B26BC56F-565B-4112-919F-F0BF8527B877"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.76:*:*:*:*:wordpress:*:*","matchCriteriaId":"7F43AE7C-B045-46F1-B802-115D776C4F37"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.80:*:*:*:*:wordpress:*:*","matchCriteriaId":"AACA8D0D-4CF9-49CD-9165-BEEA27DA5DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81:*:*:*:*:wordpress:*:*","matchCriteriaId":"55F90B7D-8E3C-4EEC-B380-74487EE55883"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81.1:*:*:*:*:wordpress:*:*","matchCriteriaId":"62D1D899-8E19-4C9A-BB88-1C3C09967AB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81.2:*:*:*:*:wordpress:*:*","matchCriteriaId":"D5DD1386-A4EC-4FCB-8D71-DEE7D74BC6C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81.3:*:*:*:*:wordpress:*:*","matchCriteriaId":"BA7D914B-D5E9-4D11-88D5-8FB0CE51FD6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81.4:*:*:*:*:wordpress:*:*","matchCriteriaId":"31F16D61-7302-44C0-B5CC-B0A1DDA0FB69"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81.5:*:*:*:*:wordpress:*:*","matchCriteriaId":"72C721D4-2379-488A-A658-4BFE697B738F"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81.6:*:*:*:*:wordpress:*:*","matchCriteriaId":"8B286A24-D3C9-456C-8C5C-0DD02144558C"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81.7:*:*:*:*:wordpress:*:*","matchCriteriaId":"64673FB4-F816-428F-8343-323E66EC37BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.81.8:*:*:*:*:wordpress:*:*","matchCriteriaId":"BBB9028D-F0C1-4CAB-9DA3-BC13955C23DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.1:*:*:*:*:wordpress:*:*","matchCriteriaId":"93BBEC41-0674-4622-94FD-91A684530027"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.3:*:*:*:*:wordpress:*:*","matchCriteriaId":"332C7F14-B480-4E5A-95BD-71D743BE2846"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.5:*:*:*:*:wordpress:*:*","matchCriteriaId":"E3B04456-63FA-4630-8A28-E0D6B8B77C93"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.6:*:*:*:*:wordpress:*:*","matchCriteriaId":"EBED00D9-1101-404B-BD23-5977231A980A"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.7:*:*:*:*:wordpress:*:*","matchCriteriaId":"82D81550-4217-4513-99BA-5F6DB1840911"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.8:*:*:*:*:wordpress:*:*","matchCriteriaId":"CA0BD285-1310-495A-981F-5D0F37B0B4D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.8.1:*:*:*:*:wordpress:*:*","matchCriteriaId":"084A7FD3-C2A2-4482-9529-0A10CBAFF80C"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.8.2:*:*:*:*:wordpress:*:*","matchCriteriaId":"C0D91DC7-E812-4E2A-8790-B9005B2E9D55"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.8.3:*:*:*:*:wordpress:*:*","matchCriteriaId":"A76AFA9E-E085-405A-96A0-67B02552755F"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9:*:*:*:*:wordpress:*:*","matchCriteriaId":"9B5F9979-C1B3-4987-9912-3948566BA987"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.1:*:*:*:*:wordpress:*:*","matchCriteriaId":"DF48AA18-FBA9-446D-8A67-3EE72EA9DF34"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.2:*:*:*:*:wordpress:*:*","matchCriteriaId":"7452E8FE-552C-4010-A30B-DEA153EB214B"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.3:*:*:*:*:wordpress:*:*","matchCriteriaId":"4422023A-5A1A-4511-8DD8-95B450457E00"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.4:*:*:*:*:wordpress:*:*","matchCriteriaId":"26AAEE87-2A9D-49E7-B33F-DE398681404F"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.5:*:*:*:*:wordpress:*:*","matchCriteriaId":"AF8F5E1D-946E-42A7-83E1-36AF967000E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.6:*:*:*:*:wordpress:*:*","matchCriteriaId":"13781B66-74F4-4D07-BFFE-B0D4C1F73DD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.7:*:*:*:*:wordpress:*:*","matchCriteriaId":"6DAA92E2-B958-4172-9C03-4E5026292D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.8:*:*:*:*:wordpress:*:*","matchCriteriaId":"083CAC46-FD42-4D7A-8A4F-CEFED58989E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.9:*:*:*:*:wordpress:*:*","matchCriteriaId":"D0296CA9-680C-4745-9B88-78C1587916B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.9.1:*:*:*:*:wordpress:*:*","matchCriteriaId":"3FDBA268-58C2-4D9D-BD29-0253D04881A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.9.2:*:*:*:*:wordpress:*:*","matchCriteriaId":"BD2851D4-28D9-439B-AF0C-F72AFF6AD01E"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.90.9.9.3:*:*:*:*:wordpress:*:*","matchCriteriaId":"462BDBCC-1A8D-4817-9C64-E8E159A15298"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.91:*:*:*:*:wordpress:*:*","matchCriteriaId":"58DA1AF1-DD5D-46D6-9172-BE68D6FA7839"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.91.1:*:*:*:*:wordpress:*:*","matchCriteriaId":"0BD6A38C-8C0A-4DB4-B0E1-0A99A1D0E67E"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.92:*:*:*:*:wordpress:*:*","matchCriteriaId":"D802EC3C-0B7E-4876-B2FE-F1EE3038DFC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.92.1:*:*:*:*:wordpress:*:*","matchCriteriaId":"1C80DC69-BEC5-4A5F-A704-8B271811810C"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.92.2:*:*:*:*:wordpress:*:*","matchCriteriaId":"BDB73AA8-C6E0-4E2B-9B48-32C8D83B72C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.761:*:*:*:*:wordpress:*:*","matchCriteriaId":"8B18A235-08E9-4813-9D11-09C825BC1B74"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.762:*:*:*:*:wordpress:*:*","matchCriteriaId":"C241FC71-3FD3-431D-8859-D123B56FA39B"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.763:*:*:*:*:wordpress:*:*","matchCriteriaId":"8D65A860-5515-4EDB-961B-F84A96723533"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.764:*:*:*:*:wordpress:*:*","matchCriteriaId":"65EBC1DD-1B46-4B88-BE7F-351DD2C6A278"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.765:*:*:*:*:wordpress:*:*","matchCriteriaId":"6438E003-753C-48AC-8B58-5D2D01302AED"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.766:*:*:*:*:wordpress:*:*","matchCriteriaId":"B1C00768-505B-47A4-BB8B-F0618ECCFF24"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.767:*:*:*:*:wordpress:*:*","matchCriteriaId":"7A45A15B-657B-4F94-BA9B-5F28D9060F9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.768:*:*:*:*:wordpress:*:*","matchCriteriaId":"1AF05FCC-E6A5-441A-BA00-85B7DCF6F33D"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.769:*:*:*:*:wordpress:*:*","matchCriteriaId":"0DC1CE81-1C52-46F2-B2E7-0855530D08EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:commentluv:commentluv:2.7691:*:*:*:*:wordpress:*:*","matchCriteriaId":"71094D1E-9F8A-4BDD-9D01-C4FB8C0C7BEF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*","matchCriteriaId":"A77EB0E7-7FA7-4232-97DF-7C7587D163F1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"1409","Ordinal":"1","Title":"CVE-2013-1409","CVE":"CVE-2013-1409","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"1409","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.","Type":"Description","Title":"CVE-2013-1409"},{"CveYear":"2013","CveId":"1409","Ordinal":"2","NoteData":"2014-03-03","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"1409","Ordinal":"3","NoteData":"2014-03-03","Type":"Other","Title":"Modified"}]}}}