Mohammad Nikouei

**Name of the Vulnerable Software and Affected Versions** Wp-ImageZoom WordPress plugin versions prior to 1.1.1 **Description** The Wp-ImageZoom WordPress plugin does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting issue. This could be used against high privilege users such as admin. **Recommendations** For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.