WordPress Highlight Focus plugin <= 1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

2022-10-1300:00:00

Mariam Tariq (HunterSherlock)

patchstack.com

wordpress

highlight focus

cross-site scripting

mariam tariq

deactivate

EPSS

0.001

Percentile

24.8%

JSON

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariam Tariq in the WordPress Highlight Focus plugin (versions <= 1.1).

Solution

Deactivate and delete. This plugin has been closed as of October 12, 2022 and is not available for download. This closure is temporary, pending a full review.

References

wpscan.com/vulnerability/b583de48-1332-4984-8c0c-a7ed4a2397cd

EPSS

0.001

Percentile

24.8%

JSON

Related for PATCHSTACK:45FF41E2266E651349DD55C85528354C