Wednesday, February 6, 2013

HTB23138: CommentLuv WordPress plugin cross-site scripting (XSS) vulnerability

CommentLuv WordPress plugin

A cross-site scripting (XSS) vulnerability was discovered by High-Tech Bridge Security Research Lab in the CommentLuv WordPress plugin 2.92.3, which can be exploited by malicious people to perform cross-site scripting attacks. The vulnerability exists due to insufficient filtration of user-supplied data in the "_ajax_nonce" HTTP POST parameter in the "wp-admin/admin-ajax.php" script.

CommentLuv is a popular WordPress plugin that will magnetize your readers, socialize your comments and viralize your posts.

To resolve the issue, upgrade to CommentLuv 2.92.4.
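The flaw class named in the advisory (a POST parameter written into the response without filtering), shown beside a hardened form. This is an added example, not CommentLuv's code and not part of the advisory; the function names, response strings and sample values are assumptions constructed for illustration.

```php
<?php
// Added illustration, NOT CommentLuv's code. Function names and response
// text are hypothetical; the sample inputs below are constructed.

// Unfiltered pattern: the raw POST value is copied into the HTML response.
function respond_unfiltered(array $post): string
{
    $nonce = $post['_ajax_nonce'] ?? '';
    return '<p>Invalid nonce: ' . $nonce . '</p>';
}

// Hardened pattern: validate the shape first, then escape on output anyway.
function respond_hardened(array $post): string
{
    $nonce = $post['_ajax_nonce'] ?? '';
    // A WordPress nonce is 10 hex characters. Anything else is rejected
    // and is never reflected back to the client.
    if (!is_string($nonce) || !preg_match('/\A[0-9a-f]{10}\z/', $nonce)) {
        return '<p>Invalid request.</p>';
    }
    // Defence in depth: encode for the HTML context even after validation.
    // Inside WordPress, esc_html() plays this role.
    $safe = htmlspecialchars($nonce, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Nonce accepted: ' . $safe . '</p>';
}

// True when the response carries the submitted markup unencoded.
function reflects_markup(string $response, string $marker): bool
{
    return strpos($response, $marker) !== false;
}

// Constructed inputs: one well-formed nonce, one value carrying benign markup.
$marker  = '<em>marker</em>';
$samples = [
    'well-formed' => ['_ajax_nonce' => 'a1b2c3d4e5'],
    'markup'      => ['_ajax_nonce' => $marker],
];

foreach ($samples as $label => $post) {
    printf(
        "%-12s unfiltered reflects markup: %-3s hardened reflects markup: %s\n",
        $label,
        reflects_markup(respond_unfiltered($post), $marker) ? 'yes' : 'no',
        reflects_markup(respond_hardened($post), $marker) ? 'yes' : 'no'
    );
}
```

In a real WordPress AJAX handler the validation step would normally be `check_ajax_referer()` or `wp_verify_nonce()`, which reject a bad nonce without echoing it.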
