Fluent Crm
Monthly
Reflected cross-site scripting in the WPManageNinja Fluent CRM WordPress plugin (all versions through 3.1.7) lets a remote unauthenticated attacker inject script that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed (S:C), successful exploitation can affect resources beyond the vulnerable component, typically hijacking an authenticated WordPress admin session within the wp-admin context. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Reflected cross-site scripting in the WPManageNinja Fluent CRM WordPress plugin (all versions through 3.1.7) lets a remote unauthenticated attacker inject script that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed (S:C), successful exploitation can affect resources beyond the vulnerable component, typically hijacking an authenticated WordPress admin session within the wp-admin context. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.