Sweetdate Core
Monthly
Reflected cross-site scripting in the SweetDate Core WordPress plugin versions prior to 1.1.5 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser when the victim is lured into clicking a crafted link. The CVSS 3.1 score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C) reflects unauthenticated network reach with required user interaction and a scope change typical of stored/reflected XSS in browser contexts. No public exploit identified at time of analysis and no EPSS or KEV signal was provided.
Reflected cross-site scripting in the SweetDate Core WordPress plugin versions prior to 1.1.5 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser when the victim is lured into clicking a crafted link. The CVSS 3.1 score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C) reflects unauthenticated network reach with required user interaction and a scope change typical of stored/reflected XSS in browser contexts. No public exploit identified at time of analysis and no EPSS or KEV signal was provided.