Required CVE Record Information
Description
The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Credits
- Guido Iván García Duva finder
- WPScan coordinator
References 1 Total
- https://wpscan.com/vulnerability/89791a80-5cff-4a1a-8163-94b5be4081a5/ exploitvdb-entrytechnical-description
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 1 Total
- https://wpscan.com/vulnerability/89791a80-5cff-4a1a-8163-94b5be4081a5/ exploitvdb-entrytechnical-descriptionx_transferred