The Stop Spammers WordPress plugin prior to 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
trumani stop spammers |