This vulnerability is in forms/panels.php. It allows an attacker to inject arbitrary web script or HTML via the “tab” parameter that is in the gdbbpress_attachments page to wp-admin/edit.php.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
gd bbpress attachments | le | 2.2 |