PT-2026-42082 · WordPress · Lj Comments Import: Reloaded

Abdulsamad Yusuf · Published 2026-05-20 · Updated 2026-05-20 · CVE-2026-8624

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

LJ comments import: reloaded versions prior to 0.97.2

Description

The LJ comments import: reloaded plugin for WordPress contains a Reflected Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts into pages by tricking a user into clicking a link. This occurs because the PHP_SELF parameter includes attacker-controllable PATH_INFO appended to the script name, which is then processed through two unsanitized echo points within the same function.

Recommendations

Update to a version later than 0.97.1.
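
The pattern described above, as an added example that is not the plugin's code: one function writes PHP_SELF to two output points, shown beside a hardened form. The function names, the request values and the marker string are constructed for illustration, and htmlspecialchars() stands in for WordPress's esc_url()/esc_attr() so the file runs with plain PHP.

```php
<?php
// Added illustration, not the plugin's code; all function names are hypothetical.

// Constructed request: PHP sets PHP_SELF to SCRIPT_NAME followed by PATH_INFO,
// so anything after the script name in the URL path ends up in PHP_SELF.
$server = [
    'SCRIPT_NAME' => '/wp-admin/admin.php',
    'PATH_INFO'   => '/"><b>marker</b>',   // harmless constructed marker
];
$server['PHP_SELF'] = $server['SCRIPT_NAME'] . $server['PATH_INFO'];

// Vulnerable pattern: the same raw value reaches two output points.
function render_form_vulnerable(array $server): string
{
    $self = $server['PHP_SELF'];
    return '<form method="post" action="' . $self . '">'   // output point 1
         . '<a href="' . $self . '?step=2">Next</a>'       // output point 2
         . '</form>';
}

// Escape a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: drop PATH_INFO by using SCRIPT_NAME, and still escape
// for the attribute context at every output point.
function render_form_hardened(array $server): string
{
    $self = $server['SCRIPT_NAME'];
    return '<form method="post" action="' . attr($self) . '">'
         . '<a href="' . attr($self . '?step=2') . '">Next</a>'
         . '</form>';
}

// True when the marker survived as live markup in the rendered HTML.
function marker_is_live(string $html): bool
{
    return strpos($html, '<b>marker</b>') !== false;
}

foreach (['vulnerable', 'hardened'] as $variant) {
    $html = ('render_form_' . $variant)($server);
    printf("%-10s live_markup=%s\n%s\n\n", $variant, marker_is_live($html) ? 'yes' : 'no', $html);
}
```

When reviewing a plugin for this class of bug, check every place a function writes a $_SERVER value into HTML, since fixing only one of two output points leaves the issue open.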

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-8624

Affected Products

Lj Comments Import: Reloaded