E19-7q7a1
CVSS:
4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
False Positive:
t
Year:
2019
Description
This strike exploits a cross-site scripting vulnerability in Wordpress Plugin UserPro. This vulnerability is due to inadequate input filtering of "error_description" in the web interface. An attacker could exploit this vulnerability by enticing a user to visit an attacker controlled webpage or click a malicious link. By exploiting this vulnerability an attacker could trigger reflected cross site scripting on the victim's browser.
