Description
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks
Affected products
- Unknown / WPQA Builder5.4 – 5.4
Exploits & PoCs
- nucleiWordPress WPQA <5.4 - Cross-Site Scriptingby veshraj