CVE-2024-8056

Name of the Vulnerable Software and Affected Versions: MM-Breaking News WordPress plugin versions 0.7.9 and earlier

Description: The issue arises from the failure to escape the $ SERVER['REQUEST URI'] parameter before outputting it back in an attribute. This could lead to Reflected Cross-Site Scripting in old web browsers.

Recommendations: For MM-Breaking News WordPress plugin versions 0.7.9 and earlier, update to a version later than 0.7.9 to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to attributes that output the $ SERVER['REQUEST URI'] parameter to minimize the risk of exploitation. Avoid using the $ SERVER['REQUEST URI'] parameter in attributes until the issue is resolved.