The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability.
On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert(1)%3C/script%3E
Kevin Barbón García, David Álvarez Robles, Francisco Díaz-Pache Alonso & Sergio Corral Cristo
Kevin Barbón García
Yes
2022-04-12 (about 9 months ago)
2022-04-12 (about 9 months ago)
2022-04-13 (about 9 months ago)