2024-09-04 06:00:02
WPScan
PUBLISHED
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER[REQUEST_URI] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.