Upsolution Core
Monthly
A Reflected Cross-Site Scripting (XSS) vulnerability exists in UpSolution Core plugin versions through 8.41, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects the UpSolution Core WordPress plugin (CPE: cpe:2.3:a:upsolution:upsolution_core), enabling attackers to steal session tokens, perform actions on behalf of users, or redirect users to malicious sites through crafted URLs. No CVSS score, EPSS probability, or KEV status is currently available, though Patchstack has confirmed and documented this as a reflected XSS vulnerability.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in UpSolution Core plugin versions through 8.41, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects the UpSolution Core WordPress plugin (CPE: cpe:2.3:a:upsolution:upsolution_core), enabling attackers to steal session tokens, perform actions on behalf of users, or redirect users to malicious sites through crafted URLs. No CVSS score, EPSS probability, or KEV status is currently available, though Patchstack has confirmed and documented this as a reflected XSS vulnerability.