Writeprint Stylometry
Monthly
The Writeprint Stylometry WordPress plugin (versions up to 0.1) contains a Reflected Cross-Site Scripting (XSS) vulnerability in the bjl_wprintstylo_comments_nav() function that fails to properly sanitize and escape the 'p' GET parameter before outputting it in HTML href attributes. An attacker can craft a malicious link containing arbitrary JavaScript code and trick users into clicking it, resulting in session hijacking, credential theft, or malware distribution. The vulnerability requires user interaction (clicking a link) but has a network attack vector with low complexity and no privilege requirements, making it a practical threat in WordPress ecosystems.
The Writeprint Stylometry WordPress plugin (versions up to 0.1) contains a Reflected Cross-Site Scripting (XSS) vulnerability in the bjl_wprintstylo_comments_nav() function that fails to properly sanitize and escape the 'p' GET parameter before outputting it in HTML href attributes. An attacker can craft a malicious link containing arbitrary JavaScript code and trick users into clicking it, resulting in session hijacking, credential theft, or malware distribution. The vulnerability requires user interaction (clicking a link) but has a network attack vector with low complexity and no privilege requirements, making it a practical threat in WordPress ecosystems.