The Coming Soon by Supsystic WordPress plugin prior to 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
subsystic coming soon |