Plugin is vulnerable to Stored Cross-Site Scripting | ww.wp.xz.cn

preetindersodhi
(@preetindersodhi)

3 years, 4 months ago

Please patch the plugin.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/similar-posts/similar-posts-best-related-posts-plugin-for-wordpress-316-authenticated-admin-stored-cross-site-scripting

The Similar Posts – Best Related Posts Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers authenticated as an administrator to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The topic ‘Plugin is vulnerable to Stored Cross-Site Scripting’ is closed to new replies.

Tags

Cross-site scripting

0 replies
1 participant
Last reply from: preetindersodhi
Last activity: 3 years, 4 months ago
Status: not resolved