1 results (0.001 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado y Autenticado (admin+) en el plugin MyThemeShop WP Subscribe versiones anteriores a 1.2.12 incluyéndola, en WordPress WP Subscribe versions up to 1.2.12 is vulnerable to Cross-Site Scripting. This allows authenticated attackers to inject JavaScript into the database. • https://patchstack.com/database/vulnerability/wp-subscribe/wordpress-wp-subscribe-plugin-1-2-12-authenticated-stored-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/wp-subscribe/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •