Beta

Report

BMI BMR Calculator <= 1.3 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated
Published
2022-04-18

The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to Reflected Cross-Site Scripting

CVE

https://www.cve.org/CVERecord?id=CVE-2022-1267

CVSS

Score:6.1

Severity:Medium

Version: 1.3

The plugin vendor has not patched this vulnerability at the moment.