I Recommend This 3

To plugin page VDP

WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

This plugin was still closed for Security Reason as of October 27th 2023. A patch was added in plugin version 3.9.0, but this version isn't available yet. Alternatively, it can be downloaded at https://github.com/webtions/i-recommend-this/releases/tag/3.9.0

Patch within 30 days Low priority

Not known to be exploited Report an attack

5.9

Medium severity CVSS 3.1 score

Patchstack is the official security point of contact for this software.

Enable Protection

Patchstack is the official security point of contact for WordPress I Recommend This plugin.

Patchstack Professional users are protected since 09.12.2022

Enable Protection

Solution

Update to fix

Update the WordPress I Recommend This plugin to the latest available version (at least 3.9.0).

Rio Darmawan discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress I Recommend This Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.9.0.

Other vulnerabilities in this plugin

1 present

2 patched

View all