The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated user), leading to reflected Cross-Site Scripting.
Vulnerable Product |
---|
menubar menubar |
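
A defender-side check for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it scans web-server access logs for calls to the menubar AJAX action whose command parameter carries HTML metacharacters. It assumes the parameter arrives in the query string of /wp-admin/admin-ajax.php (WordPress's standard AJAX endpoint); the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=menubar&command=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=menubar&command=%253Cb%253Ex HTTP/1.1" 200 498
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=menubar&command=refresh HTTP/1.1" 200 120
198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&command=%3Cb%3E HTTP/1.1" 200 90
198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?command=%3Cb%3E HTTP/1.1" 200 4096
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')  # characters that must be escaped in HTML output


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_menubar_requests(log_text):
    """Return (client_ip, decoded_command) for menubar AJAX calls carrying markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # decodes once
        if "menubar" not in params.get("action", []):
            continue
        for raw in params.get("command", []):
            command = fully_decode(raw)
            if MARKUP_RE.search(command):
                hits.append((client, command))
    return hits


if __name__ == "__main__":
    for client, command in suspicious_menubar_requests(SAMPLE_LOG):
        print(f"{client}\tcommand={command!r}")
```

Requests that send command in a POST body do not show up in access logs, so those need WAF or application-level request logging to apply the same check.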