Beta

Report

GamePress <= 1.1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated
Published
2021-09-19

The GamePress WordPress plugin through 1.1.0 does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24617

CVSS

Score:6.1

Severity:Medium

Version: 1.1.0

The plugin vendor has not patched this vulnerability at the moment.