2021-05-14 11:38:17
WPScan
PUBLISHED
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.