WordPress CDI plugin <= 5.1.8 - Reflected Cross-Site-Scripting (XSS) vulnerability
Vulnerable versions
<= 5.1.8
PSID
11d0ac907d8e
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Publicly disclosed
2022-06-21
Patchstack vPatch available since
09.12.2021
Details
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by WordPress CDI plugin (versions <= 5.1.8).
Solution
Update the WordPress CDI plugin to the latest available version (at least 5.1.9).
References
Vulnerability advisory