Because of this vulnerability, the variable text appears to send unsanitized data back to the users browser.
The vulnerable file is /new-year-firework/firework/index.php.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
new year firework | le | 1.1.9 |