The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Note: This is very likely the same issue than https://wpscan.com/vulnerability/b9afd95b-a799-4086-a990-b9109a842d7d, however the original advisory does not have any details about which parameter is affected
CPE | Name | Operator | Version |
---|---|---|---|
mediciti-lite | eq | * |