Postlists
1 CVEs
product
Monthly
The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
WordPress
XSS
Postlists
NVD
WPScan
CVSS 3.1
4.2
EPSS
0.2%
EPSS 0%
CVSS 4.2
MEDIUM
POC
Monitor
The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
WordPress
XSS
Postlists
NVD
WPScan