Cross-Site Scripting (XSS) vulnerability found by Benjamin Lim in WordPress Participants Database plugin version 1.7.5.9 and earlier versions. Data of the text input field of the plugin passed without escaping HTML special characters thus allows an attacker to insert javascript.
Update the WordPress Participants Database plugin to the latest available version (at least 1.7.5.10).
CPE | Name | Operator | Version |
---|---|---|---|
participants database | le | 1.7.5.9 |