Description
WordPress Plugin SpiderCatalog is prone to multiple cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress Plugin SpiderCatalog version 1.4.6 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
Related Vulnerabilities
WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll SQL Injection (1.1.91)
WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.1.9)
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3)
WordPress Plugin Responsive Logo Slideshow Cross-Site Scripting (1.0)
WordPress Plugin The Plus Addons for Elementor Cross-Site Scripting (4.1.11)