Fudousan Pro (single) <= 5.7.0 is vulnerable to Authenticated Cross-Site Scripting (XSS) vulnerability

Subscriber

Published
2021-06-21

Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

CVE

https://www.cve.org/CVERecord?id=CVE-2021-20749

CVSS

Score:5.4

Severity:Medium

Version: 5.7.0

There is a patch available in v5.7.2 and we strongly recommend you update to this version as soon as possible.