WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-59592)

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. prism is an application from the US-based Prism personal developer. A security vulnerability exists in versions of the Prismatic WordPress plugin prior to version 2.8, which stems from the plugin’s failure to clean up or validate some of its shortcode parameters, allowing users with roles as low as contributor to set cross-site payloads in them. No detailed vulnerability details are available at this time.