Отправить #564749: Question2Answer Question2Answer Plugin 1.4.6 Cross Site ScriptingИнформация

TitleQuestion2Answer Question2Answer Plugin 1.4.6 Cross Site Scripting
DescriptionAn XSS vulnerability that also allows account theft just by clicking on the Plugin notification, it is a very famous plugin, being listed even on Question2Answer's recommended page, it was estimated at about ~20 thousand users, I reported it to the developer, he recognized it and fixed it https://github.com/q2apro/q2apro-on-site-notifications/issues/43 https://github.com/q2apro/q2apro-on-site-notifications/commit/0ca85ca02f8aceb661e9b71fd229c45d388ea5b5
Source⚠️ https://github.com/q2apro/q2apro-on-site-notifications/issues/43
User
 Canguru (UID 84603)
Submission24.04.2025 10:12 (3 месяцы назад)
Moderation05.05.2025 19:21 (11 days later)
Statusпринято
VulDB Entry307479 [q2apro q2apro-on-site-notifications до 1.4.6 q2apro-onsitenotifications-page.php process_request межсайтовый скриптинг]
Points20

Do you want to use VulDB in your project?

Use the official API to access entries easily!