CVE-2021-38358

Name of the Vulnerable Software and Affected Versions MoolaMojo WordPress plugin versions up to and including 0.7.4.1

Description The issue allows attackers to inject arbitrary web scripts via the classes parameter found in the ~/views/button-generator.html.php file, enabling Reflected Cross-Site Scripting attacks.

Recommendations For versions up to and including 0.7.4.1, update to a version later than 0.7.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the ~/views/button-generator.html.php file or disabling the classes parameter to minimize the risk of exploitation.