WordPress Core plugin for Kitestudio themes <= 2.3.0 - Reflected Cross-Site-Scripting (XSS) vulnerability
Vulnerable versions
<= 2.3.0
PSID
324657432f6d
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Publicly disclosed
2022-06-16
Patchstack vPatch available since
09.12.2021
Details
Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Core plugin for Kitestudio themes (versions <= 2.3.0).
Solution
Update the WordPress Core plugin for Kitestudio themes to the latest available version (at least 2.3.1).
References
Vulnerability details