The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting
CPE | Name | Operator | Version |
---|---|---|---|
rock_convert | lt | 2.11.0 |