PT-2025-1939 · WordPress · Infility Global Wordpress Plugin

Hassan Khan Yusufzai

Published: 2025-01-28 · Updated: 2025-05-24

CVE-2024-12723

CVSS v3.1: 6.1

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Infility Global WordPress plugin versions 2.9.8 and earlier

Description:

The issue arises because the Infility Global WordPress plugin does not properly sanitise and escape a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting issue, which could be used against high-privilege users such as the administrator.

Recommendations:

Infility Global WordPress plugin version 2.9.8 and earlier: Update the Infility Global WordPress plugin to a version later than 2.9.8 to resolve the issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-12723

Affected Products

Infility Global Wordpress Plugin