JVN#93799513: WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting

2021-06-22T00:00:00
ID JVN:93799513
Type jvn
Reporter Japan Vulnerability Notes
Modified 2021-06-22T00:00:00

Description

## Description

Some of WordPress plugin "Fudousan plugin" series provided by nendeb contain a cross-site scripting vulnerability (CWE-79).

## Impact

An arbitrary script may be executed on the web browser of the user who accessed the site using the product.

## Solution

Update the plugin
Update the plugin according to the information provided by the developer.

## Products Affected

The following products and versions of "Fudousan plugin" series are affected.

  • Fudousan plugin ver5.7.0 and earlier
  • Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier
  • Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier