Bootstrapped: >> Dynamic Widgets Security Vulnerabilities
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue
CVSS Score
5.4
EPSS Score
0.006
Published
2022-02-28