Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack Red Team) in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.12).
CPE | Name | Operator | Version |
---|---|---|---|
iq block country | le | 1.2.11 |