An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-20T20:40:01
Updated: 2020-03-20T20:40:01
Reserved: 2019-07-09T00:00:00
Link: CVE-2019-13463
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-20T21:15:15.220
Modified: 2020-03-24T20:12:26.497
Link: CVE-2019-13463
JSON object: View
Redhat Information
No data.
CWE