WordPress Sell Media plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

2020-08-1400:00:00

Metamorfosec

patchstack.com

0.001 Low

EPSS

Percentile

47.6%

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Metamorfosec in WordPress Sell Media plugin (versions <= 2.4.1).

Solution

           Update the WordPress Sell Media plugin to the latest available version (at least 2.4.2).

CPENameOperatorVersion
sell mediale2.4.1

CPE	Name	Operator	Version
	sell media	le	2.4.1

metamorfosec.com/Files/Advisories/METS-2020-001-A_XSS_Vulnerability_in_Sell_Media_Plugin_v2.4.1_for_WordPress.txt

wordpress.org/plugins/sell-media/#developers

0.001 Low

EPSS

Percentile

47.6%

Related for PATCHSTACK:AA07E9462719C0F430EF2625701A2CE2