Description
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
Remediation
References
Related Vulnerabilities
WordPress Plugin Custom Website Data Cross-Site Scripting (1.0)
MySQL CVE-2014-0420 Vulnerability (CVE-2014-0420)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.49)
MySQL CVE-2018-3156 Vulnerability (CVE-2018-3156)
WordPress Plugin Welcart e-Commerce Cross-Site Scripting (2.2.3)