Impact
Unauthenticated Reflected Cross Site Scripting exists in Eli's WordCents adSense Widget with Analytics plugin versions 1.3.03.27 and earlier, allowing an attacker to inject malicious scripts into the page content. The vulnerability is a classic CWE‑79 flaw.
Affected Systems
All installations running version 1.3.03.27 or older are impacted. Later releases may contain a fix.
Risk and Exploitability
The CVSS score is 7.1, indicating high severity. The EPSS score of <1% shows a low likelihood of exploitation in the near term, and it is not listed in the CISA KEV catalog. Based on the description stating “Unauthenticated”, it is inferred that the likely attack vector involves crafting a malicious URL or input that the plugin echoes without proper encoding, enabling the attacker to run scripts in the victim’s browser.
OpenCVE Enrichment