April 11, 2021

SpywareNews.com

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

CVE-2021-24180

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the ‘lang’ GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.