Vladimir Statsenko · Terms Descriptions Plugin · CVE-2023-28779
**Name of the Vulnerable Software and Affected Versions**
Vladimir Statsenko Terms descriptions plugin versions <= 3.4.4
**Description**
The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user.
**Recommendations**
For versions <= 3.4.4, update to a version higher than 3.4.4 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive areas of the plugin to minimize the risk of exploitation.
Avoid using the plugin until the issue is resolved.