CVE-2021-38322
The CVE concerns the Twitter Friends Widget WordPress plugin (versions up to 3.1) and is a Reflected Cross-Site Scripting (XSS) vulnerability triggered via the pmc_TF_user and pmc_TF_password parameters in ~/twitter-friends-widget.php. Affected component: WordPress plugin code handling these inpu...