WordPress Loading Page with Loading Screen plugin <= 1.0.82 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
PSID
4657a0e5cf0c
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-06-23
Patchstack vPatch available since
09.12.2021
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Nikhil Kapoor in WordPress Loading Page with Loading Screen plugin (versions <= 1.0.82).
Solution
Update the WordPress Loading Page with Loading Screen plugin to the latest available version (at least 1.0.83).
References
Vulnerability advisory