Submeter #564749: Question2Answer Question2Answer Plugin 1.4.6 Cross Site Scriptinginformação

Título	Question2Answer Question2Answer Plugin 1.4.6 Cross Site Scripting
Descrição	An XSS vulnerability that also allows account theft just by clicking on the Plugin notification, it is a very famous plugin, being listed even on Question2Answer's recommended page, it was estimated at about ~20 thousand users, I reported it to the developer, he recognized it and fixed it https://github.com/q2apro/q2apro-on-site-notifications/issues/43 https://github.com/q2apro/q2apro-on-site-notifications/commit/0ca85ca02f8aceb661e9b71fd229c45d388ea5b5
Fonte	⚠️ https://github.com/q2apro/q2apro-on-site-notifications/issues/43
Utilizador	Canguru (UID 84603)
Submissão	24/04/2025 10h12 (há 12 meses)
Moderação	05/05/2025 19h21 (11 days later)
Estado	Aceite
Entrada VulDB	307479 [q2apro q2apro-on-site-notifications até 1.4.6 q2apro-onsitenotifications-page.php process_request Script de Site Cruzado]
Pontos	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!