Name of the Vulnerable Software and Affected Versions:
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress versions 1.0.13 and earlier
Description:
The plugin is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in the feedback submission page, which execute when a user clicks the link while pressing the command key. The `page submitted` `link` value is the field specifically vulnerable to this type of attack.
Recommendations:
If you are running version 1.0.13 or earlier, update to a version later than 1.0.13 to resolve the issue.
As a temporary workaround, consider disabling the feedback submission page until a patch is available.
Restrict access to the `page submitted` link value to minimize the risk of exploitation.
Avoid using the `link` value in the feedback submission page until the issue is resolved.
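
The Description names two missing controls for the `link` value: input sanitization and output escaping. The PHP below is an added example, not the plugin's code, that applies both to a stored link. The function names and sample values are hypothetical, and it assumes the value is rendered as the `href` of an anchor.

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

/**
 * Input side: accept the submitted page link only if it is an absolute
 * http(s) URL. Anything else is stored as an empty string.
 */
function sanitize_submitted_link(string $raw): string
{
    // Remove control characters and whitespace, which browsers ignore inside a scheme.
    $url = preg_replace('/[\x00-\x20\x7F]+/', '', $raw);
    if ($url === null || $url === '') {
        return '';
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return '';
    }
    // Allow-list the scheme instead of trying to block known-bad ones.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }
    return $url;
}

/**
 * Output side: re-validate (older rows may predate the input check),
 * then escape for the HTML attribute and text contexts.
 */
function render_submitted_link(string $stored): string
{
    $url = sanitize_submitted_link($stored);
    if ($url === '') {
        return '<span>(no valid link)</span>';
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="noopener noreferrer">' . $safe . '</a>';
}

// Constructed test values, not taken from the advisory.
$samples = [
    'https://example.com/pricing?ref=1',               // rendered as a link
    'javascript:alert(1)',                             // rejected: scheme not allowed
    " java\tscript:alert(1)",                          // rejected after whitespace removal
    'https://example.com/"><script>alert(1)</script>', // kept, but markup is escaped
];
foreach ($samples as $s) {
    echo render_submitted_link($s), PHP_EOL;
}
```

In a WordPress plugin the same roles are filled by the core helpers `esc_url_raw()` before storage and `esc_url()` / `esc_html()` at output.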