Attention WordPress website owners using the AnyComment plugin: A high-severity Cross-Site Scripting (XSS) vulnerability has been identified, posing significant risks to WordPress security and potentially exposing your website to plugin vulnerability exploits.

The security flaw was discovered and responsibly reported by Rafie Muhammad (Patchstack), highlighting the importance of continuous efforts in maintaining a secure WordPress environment.

The vulnerability lies in the AnyComment Plugin, where attackers could exploit the flaw to inject malicious scripts into your website. These scripts could encompass redirects, unwanted advertisements, and other HTML payloads that would execute when guests visit your site.


The vulnerability has a CVSS 3.1 score of 7.1, which is considered to be high severity. This means that the vulnerability is very likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

All versions of the AnyComment plugin prior to version 0.0.99 are vulnerable to this security flaw. Taking immediate action is essential to protect your website and visitors from potential attacks.


If exploited, malicious actors could inject harmful scripts into your website, potentially redirecting visitors to malicious websites, displaying unwanted ads, or even stealing sensitive user information.


Given the high severity of this vulnerability, immediate action is crucial to safeguard your WordPress website:

Update to the Latest Version: Without delay, update the AnyComment plugin to the latest available version (at least 0.0.99) to eliminate the vulnerability and strengthen your website’s defenses against XSS exploits.