Beta

Report

Mediumish <= 1.0.47 is vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated
Published
2021-03-13

The search feature of the Mediumish WordPress theme through 1.0.60 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24316

CVSS

Score:6.1

Severity:Medium

Version: 1.0.47

The plugin vendor has not patched this vulnerability at the moment.