First published: Mon Jun 07 2021(Updated: )
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jnews Jnews | <8.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.