Rock Convert, CVE-2022-3440

CVE, Research URL: CVE-2022-3440
Home page URL: Security reports for Rock Convert
Application: Rock Convert
Published on: Oct 31, 2022
Research Description: The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting
Affected versions: max 2.11.0.
Status: vulnerable