Description
WordPress Plugin Comment System for WordPress & Ajax Comments-Comment Press is prone to a cross-frame scripting vulnerability. Exploiting this issue may allow a remote attacker to steal user credentials from an unsuspecting user. This attack is usually successful only when combined with social engineering. WordPress Plugin Comment System for WordPress & Ajax Comments-Comment Press version 2.7.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.2 or latest
References
Related Vulnerabilities
WordPress 5.7.x Multiple Prototype Pollution Vulnerabilities (5.7 - 5.7.5)
MyBB Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-1000502)
WordPress Plugin WP Job Manager Privilege Escalation (1.34.4)
WordPress Plugin User Role Editor Cross-Site Request Forgery (3.12)
WordPress Plugin WooCommerce Cart Expiration PHP Object Injection (0.1.0)