The ??? ??? ??? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin.
CPE

Name | Operator | Version |
---|---|---|
pardakht-delkhah | lt | 2.9.3 |