|Title: Reflected XSS in wordpress plugin anthologize v0.7.6|
|Author: Larry W. Cashdollar, @_larry0|
|Download Site: https://wordpress.org/plugins/anthologize|
|Vendor Notified: 2016-02-09|
|Vendor Contact: firstname.lastname@example.org|
|Plugin Name: anthologize|
There is a reflected XSS vulnerability in the following php code ./anthologize/includes/class-project-organizer.php: 426: <input type="hidden" name="append_parent" value="<?php echo $_GET['append_parent'] ?>" /> The variable append_parent appears to send unsanitized data back to the users browser.
|CVE-ID: Not Released|
Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.