
Favicon by RealFaviconGenerator < 1.3.22 - Reflected Cross-Site Scripting (XSS)

Description

The plugin does not sanitise or escape one of its parameters before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) issue which is executed in the context of a logged-in administrator.

Timeline (WPScanTeam):

June 28th, 2021 - Details sent to vendor

July 9th, 2021 - Escalated to WP due to lack of response from vendor

July 27th, 2021 - No update, disclosing

August 9th, 2021 - v1.3.22 released, fixing the issue

