A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
CPE | Name | Operator | Version |
---|---|---|---|
sell-media | eq | 1.7 | |
sell-media | eq | 1.2.6 | |
sell-media | eq | 1.6.4 | |
sell-media | eq | 2.0 | |
sell-media | eq | 2.1.5 | |
sell-media | eq | 1.9.6 | |
sell-media | eq | 2.2.4 | |
sell-media | eq | 2.0.1 | |
sell-media | eq | 2.1.3 | |
sell-media | eq | 2.1.1 |