CVE-2016-11005

Name of the Vulnerable Software and Affected Versions instalinker plugin versions prior to 1.1.2

Description The issue concerns a problem with the instalinker plugin, where the includes/instalinker-admin-preview.php endpoint is vulnerable to XSS attacks when the client id parameter is used.

Recommendations For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the includes/instalinker-admin-preview.php endpoint until the update is applied. Avoid using the client id parameter in the affected endpoint until the issue is resolved.