Protección de Datos RGPD <= 3.1.0 - Reflected XSS

2023-10-2500:00:00

wpscan.com

protección de datos

rgpd

reflected cross-site scripting

plugin

high privilege users

admin

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

References

patchstack.com/database/vulnerability/click-datos-lopd/wordpress-proteccion-de-datos-rgpd-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability

www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/click-datos-lopd/proteccion-de-datos-rgpd-310-reflected-cross-site-scripting