WordPress Cross-Site Scripting Vulnerability (CNVD-2021-100244)

WordPress is a set of blogging platforms developed by the WordPress (Wordpress) Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in the WordPress plugin ClickBank Affiliate Ads version 1.20 previously, which stems from the plugin’s failure to perform CSRF checks when saving settings, which could be exploited by attackers to enable login administrators to change them via CSRF attacks. In addition, this could also lead to a stored cross-site scripting issue due to the lack of escaping on output.