CVE-2024-13626

Name of the Vulnerable Software and Affected Versions VR-Frases (collect & share quotes) WordPress plugin version 3.0.1

Description The issue arises from the plugin not sanitizing and escaping a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. This could be used against high privilege users such as admin.

Recommendations For version 3.0.1, update to a version that addresses this issue, as the current version does not properly sanitize and escape parameters, leading to potential Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.