Sign-up Sheets, CVE-2024-6020

CVE, Research URL: CVE-2024-6020
Home page URL: Security reports for Sign-up Sheets
Application: Sign-up Sheets
Published on: Sep 04, 2024
Research Description: The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.
Affected versions: Min -, max 2.2.13.
Status: vulnerable