2021-04-05 18:27:45
WPScan
PUBLISHED
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the lang GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.