WordPress Fotobook plugin <= 3.2.3 - Reflected Cross-Site Scripting (XSS) vulnerability

2022-01-3100:00:00

p7e4

patchstack.com

JSON

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Fotobook plugin (versions <= 3.2.3).

Solution

Deactivate and delete. This plugin has been closed as of January 27, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
fotobookle3.2.3

CPE	Name	Operator	Version
	fotobook	le	3.2.3

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-03801

wordpress.org/plugins/fotobook/

www.wordfence.com/vulnerability-advisories/

JSON

Related for PATCHSTACK:9059263A5B7B1F0DC3477CD94CEB2CED