CVE-2024-13823

Name of the Vulnerable Software and Affected Versions 360 Product Rotation WordPress plugin versions 1.5.8 and earlier

Description The issue is related to a Reflected Cross-Site Scripting error. This occurs because a parameter is not properly sanitized and escaped before being outputted back in the page. The error could be used against only unauthenticated users.

Recommendations For versions 1.5.8 and earlier, update to a version that properly sanitizes and escapes parameters before outputting them back in the page. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.