CVE-2021-25047 – 10Web Social Photo Feed < 1.4.29 - Reflected Cross-Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2021-25047

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users El plugin 10Web Social Photo Feed de WordPress versiones anteriores a 1.4.29, estaba afectado por una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejada en la página de administración wdi_apply_changes, permitiendo a un atacante llevar a cabo un ataque de este tipo contra cualquier usuario conectado • https://wpscan.com/vulnerability/d33241cc-17b6-491a-b836-dd9368652316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •