CVE-2013-1409
CommentLuv < 2.92.4 - Cross-Site Scripting via _ajax_nonce Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-1409. PoCs published by High-Tech Bridge.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in the CommentLuv WordPress plugin by injecting a malicious script into the '_ajax_nonce' parameter. The script executes in the context of the affected site, potentially stealing cookie-based authentication credentials.
Description
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in the CommentLuv WordPress plugin by injecting a malicious script into the '_ajax_nonce' parameter. The script executes in the context of the affected site, potentially stealing cookie-based authentication credentials.