The plugin does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
https://example.com/wp-admin/edit.php?post_type=envira&page;=envira-gallery-lite-addons&">
CPE | Name | Operator | Version |
---|---|---|---|
envira-gallery-lite | lt | 1.8.4.7 |