WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress WP Cerber Security, Anti-spam & Malware Scan Plugin prior to version 8.9.6, which stems from the fact that the $url variable is not cleaned up before it is used in the plugin dashboard’s Properties in the “Active” tab of the plugin dashboard are not cleaned up before being used. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress wp cerber security, anti-spam & malware scan plugin | lt | 8.9.6 |