CVE-2024-6018

Name of the Vulnerable Software and Affected Versions: The Music Request Manager WordPress plugin versions 1.3 and earlier

Description: The issue arises from the failure to escape the $ SERVER['REQUEST URI'] parameter before outputting it back in an attribute. This could lead to Reflected Cross-Site Scripting in old web browsers.

Recommendations: For versions 1.3 and earlier, update to a version that properly escapes the $ SERVER['REQUEST URI'] parameter to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to attributes that use the $ SERVER['REQUEST URI'] parameter until a patch is available.