Description
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
Remediation
References
Related Vulnerabilities
WordPress Plugin Facebook, Twitter & Google+ Social Widgets Multiple Vulnerabilities (1.3.7)
WordPress Plugin smart Archive Page Remove Unspecified Vulnerability (3)
WordPress Plugin Widget Settings Importer/Exporter Cross-Site Scripting (1.5.3)
WordPress Plugin Ultimate Maps by Supsystic SQL Injection (1.1.12)