2021-06-21 19:18:19
WPScan
PUBLISHED
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[REQUEST_URI] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.