CVE-2024-13362

Name of the Vulnerable Software and Affected Versions WordPress plugins and themes (affected versions not specified)

Description Multiple plugins and themes for WordPress are susceptible to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation. This occurs due to insufficient input sanitization and output escaping involving the url parameter. Unauthenticated attackers can exploit this to inject arbitrary web scripts into pages, which execute when a user is tricked into clicking a malicious link.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.