WordPress WP Customer Area Plugin <= 7.4.2 - Reflected Cross Site Scripting vulnerability
WP Customer Area
The value of $_REQUEST[‘page’] parameter is not escaped in the template files - /src/php/core-addons/admin-area/templates/. This allows an attacker to execute a reflected cross site scripting attack. The vulnerability was fixed in version 7.4.3.