5.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-ulike/wp-ulike-468-authenticated-contributor-stored-cross-site-scripting-via-shortcode