Report
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Score:6.1
Severity:Medium
Version: 3.8.1
There is a patch available in v3.8.2 and we strongly recommend you update to this version as soon as possible.
