An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-20T20:40:01
Updated: 2024-08-04T23:57:37.897Z
Reserved: 2019-07-09T00:00:00
Link: CVE-2019-13463
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-03-20T21:15:15.220
Modified: 2024-11-21T04:24:57.280
Link: CVE-2019-13463
Redhat
No data.