The Cloud Manager WordPress plugin up to and including 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated malicious users to trick a logged in admin to trigger a XSS payload by clicking a link.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cloud manager project cloud manager |
Vulmon