The Simple File List WordPress plugin prior to 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simplefilelist simple-file-list |