Page 2 of 6 results (0.001 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting El plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) de WordPress versiones anteriores a 9.7.1, no escapa del parámetro effects antes de devolverlo en un atributo en una página de administración, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://plugins.trac.wordpress.org/changeset/2648086 https://wpscan.com/vulnerability/1fbcf5ec-498e-4d40-8577-84b8c7ac3201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •