XSS Vulnerability in Music Store Plugin for WordPress
CVE-2016-10992
6.1MEDIUM
What is CVE-2016-10992?
The Music Store plugin for WordPress, prior to version 1.0.43, is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw exists in the 'from_year' parameter within the reports section of the plugin accessible via wp-admin/admin.php?page=music-store-menu-reports. Attackers could exploit this vulnerability to inject malicious scripts, potentially compromising the security of affected WordPress installations and endangering user data.