WordPress Theater for WordPress plugin <= 0.18.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Theater for WordPress versions = 0.18.6.2...

CVE-2024-11371

The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVE-2024-11371

CVE-2024-11371 concerns the Theater for WordPress plugin. Public docs confirm a Reflected Cross-Site Scripting (XSS) flaw caused by using add_query_arg without proper escaping, affecting all versions up to and including 0.18.6.2. The vulnerability allows unauthenticated attackers to inject script...

WordPress plugin Theater 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...