WordPress SupportFlow Plugin <= 0.6 - Stored Cross-Site Scripting (XSS)
- This plugin is prone to a stored XSS vulnerability because the ticket subject is not escaped before being used in the value attribute of the subject input element in the admin-side ticket form.
- Update the plugin.
Type: XSS (Cross-Site Scripting)
OWASP Top 10: A3: Cross-Site Scripting (XSS)
- Name: CVE-N/A
Fixed In: 0.7
- Disclosure date
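
The flaw described above, shown as an added example that is not SupportFlow's own code: a stored subject is written into a value attribute first without and then with attribute-context escaping. The function names and the sample subject are hypothetical, and htmlspecialchars() stands in for WordPress's esc_attr() so the script runs outside WordPress (it assumes PHP's DOM extension is available).

```php
<?php
// Added illustration; not SupportFlow source. All function names are hypothetical.

// Constructed sample: a ticket subject as it would be stored in the database.
// The double quote is the character that matters in a double-quoted attribute.
$stored_subject = 'Printer offline" data-injected="1';

// Vulnerable pattern: the stored value is concatenated into the attribute as-is.
function render_subject_unescaped(string $subject): string {
    return '<input type="text" name="subject" value="' . $subject . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// Inside a WordPress plugin, esc_attr() is the function for this context.
function render_subject_escaped(string $subject): string {
    $safe = htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="subject" value="' . $safe . '" />';
}

// Parse the markup with an HTML parser and list the attributes on the <input>,
// to show what the admin's browser would actually see on the element.
function input_attributes(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $attrs = [];
    foreach ($input->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

echo "Unescaped rendering:\n";
print_r(input_attributes(render_subject_unescaped($stored_subject)));

echo "Escaped rendering:\n";
print_r(input_attributes(render_subject_escaped($stored_subject)));
```

In the unescaped rendering the quote in the stored subject closes the value attribute and the rest of the subject is parsed as a separate attribute on the element; in the escaped rendering the whole subject stays inside value.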