Report
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.
Score:4.8
Severity:Medium
Version: 3.5.2
There is a patch available in v3.5.3 and we strongly recommend you update to this version as soon as possible.
