WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28779
7.1HIGH
What is CVE-2023-28779?
An unauthenticated reflected cross-site scripting (XSS) vulnerability has been discovered in the Terms Descriptions plugin for WordPress developed by Vladimir Statsenko. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking and unauthorized actions. Users of the affected plugin versions should urgently apply security patches to mitigate the risks associated with this vulnerability.
Affected Version(s)
Terms descriptions <= 3.4.4