WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress WP Offload SES Lite plugin prior to 1.4.5, which stems from the plugin’s failure to escape certain fields in the “activity” page of the admin dashboard such as the email id, subject and recipient. An attacker could exploit this vulnerability to cause a stored cross-site scripting issue.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress wp offload ses lite plugin | lt | 1.4.5 |