CVE-2019-6112

Name of the Vulnerable Software and Affected Versions Sell Media plugin version 2.4.1 for WordPress

Description A Cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (also known as $search term or the Search field) in the /inc/class-search.php file. This enables attackers to execute malicious scripts on the client-side.

Recommendations For Sell Media plugin version 2.4.1, consider disabling the search functionality in /inc/class-search.php until a patch is available, or avoid using the keyword parameter in the affected API endpoint to minimize the risk of exploitation.