Vulnerability: Advanced Text Widget < 2.0.2 - Cross-Site Scripting

A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Impact

Allows remote attackers to execute arbitrary script or HTML code in the context of the victim’s browser, potentially leading to session hijacking, defacement, or theft of sensitive information.

Severity

medium

Verified

Unknown