Vulnerabilities and security researches forwp-oer wp-oer

Jun 07, 2024

CVE, Research URL: 41a2f0929035b1fd78991004b5d7fafca667f9cd
Home page URL: Security reports for WP OER
Application: WP OER
Date: Jun 17, 2022
Research Description: WP OER [wp-oer] < 0.9.1 WP OER <= 0.9.0 - Cross-Site Scripting The WP OER plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 0.9.1.
Status: vulnerable