CVE-2021-4227

Name of the Vulnerable Software and Affected Versions ark-commenteditor WordPress plugin versions 2.15.6 and earlier

Description The issue allows attackers to inject an iFrame into the page, enabling them to load arbitrary content from any page into the comment section. This is due to the plugin's failure to properly sanitise or encode comments when in Source editor mode.

Recommendations For ark-commenteditor WordPress plugin versions 2.15.6 and earlier, update to a version later than 2.15.6 to resolve the issue. As a temporary workaround, consider disabling the Source editor mode to minimize the risk of exploitation. Restrict access to the comment section to minimize the risk of arbitrary content loading.