Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)

2021-04-0300:00:00

iohex

248

JSON

The plugin does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue.

https://example.com/wp-admin/admin.php?page=pr_new_registration_form&show_dash_widget=1&invitaion_code=PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4=

References

plugins.trac.wordpress.org/changeset/2507536/

JSON

Related for WPEX-ID:F1B67F40-642F-451E-A67A-B7487918EE34