Cross-Site Scripting Vulnerabilities in Timesheet Plugin for WordPress
CVE-2017-18590
6.1MEDIUM
What is CVE-2017-18590?
The Timesheet Plugin for WordPress, prior to version 0.1.5, suffers from multiple vulnerabilities that allow for Cross-Site Scripting (XSS) attacks. Unsanitized input from users can be exploited by attackers, leading to the execution of malicious scripts within the user's browser. This can potentially compromise sensitive user data and site integrity, making it crucial for administrators to update to a secure version.