WordPress WordSurvey plugin <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via sounding_title Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via soundingtitle Parameter vulnerability discovered by Artem Polynko Artem Polynko in WordPress Plugin WordSurvey versions = 3.2...

PT-2024-37859 · WordPress · Wordsurvey

Name of the Vulnerable Software and Affected Versions: WordSurvey plugin for WordPress versions up to, and including, 3.2 Description: The issue is related to Stored Cross-Site Scripting via the sounding title parameter due to insufficient input sanitization and output escaping. This allows...