2023-10-31 13:54:45
WPScan
PUBLISHED
The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the id parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.