XSS Vulnerability in Shibboleth Plugin for WordPress
CVE-2017-14313
6.1MEDIUM
What is CVE-2017-14313?
The Shibboleth plugin for WordPress prior to version 1.8 contains a Cross-Site Scripting (XSS) vulnerability in the shibboleth_login_form function located in shibboleth.php. This issue arises from improper utilization of the add_query_arg() function, which may allow attackers to inject malicious JavaScript code into the page, leading to potential exposure of sensitive user information or unauthorized actions being performed on behalf of the user.