Beta

Report

Z-URL Preview <= 1.6.2 is vulnerable to Cross-Site Scripting (XSS) vulnerability

Unauthenticated
Published
2018-01-07

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.

CVE

https://www.cve.org/CVERecord?id=CVE-2017-18012

CVSS

Score:6.1

Severity:Medium

Version: 1.6.2

There is a patch available in v2.0.0 and we strongly recommend you update to this version as soon as possible.