Lesterchan: >> Wp-Useronline Security Vulnerabilities
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-11-27