CVE-2024-5713
13.07.2024, 06:15
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
| Vendor | Product | Version |
|---|---|---|
| if-so | dynamic_content_personalization | 𝑥 < 1.8.0.4` |
| if-so | if-so | 𝑥 < 1.8.0.4 |
𝑥
= Vulnerable software versions