CVE-2023-0937

Name of the Vulnerable Software and Affected Versions VK All in One Expansion Unit WordPress plugin versions prior to 9.87.1.0

Description The issue concerns the failure to escape the REQUEST URI parameter before outputting it back in an attribute, potentially leading to Reflected Cross-Site Scripting in older web browsers.

Recommendations For versions prior to 9.87.1.0, update to version 9.87.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the attribute that outputs the REQUEST URI parameter to minimize the risk of exploitation.