WP Hardening <= 1.2.1 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated

Published
2021-06-06

The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue.

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24373

CVSS

Score:4.7

Severity:Medium

Version: 1.2.1

There is a patch available in v1.2.2 and we strongly recommend you update to this version as soon as possible.