The WP Shieldon WordPress plugin, versions 1.6.3 and below, were vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown. This was due to $_SERVER[βREQUEST_URIβ] being echoed to a page without any encoding.
CPE | Name | Operator | Version |
---|---|---|---|
wp-shieldon | eq | * |