CVE-2021-38333

The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin WP Scrippets 1.5.1 and earlier versions, which stems from a lack of valid validation and escaping of the $SERVER"PHPSELEF" value in /wp-scrippets. An attacker...