XSS Security Vulnerability | ww.wp.xz.cn

jonathanbird1
(@jonathanbird1)

1 year ago

The Woobox plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Details of the security vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woobox/woobox-16-authenticated-contributor-stored-cross-site-scripting-1

Can you advise when this serious issue is fixed?

The topic ‘XSS Security Vulnerability’ is closed to new replies.

0 replies
1 participant
Last reply from: jonathanbird1
Last activity: 1 year ago
Status: not resolved