The School Management System – WPSchoolPress WordPress plugin prior to 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
igexsolutions wpschoolpress |