Vulnerability Details: Reflected Cross-Site Scripting (XSS) in DeMomentSomTres Subscribe
The plugin DeMomentSomTres Subscribe was closed on the Plugin Directory on September 18 for “Licensing/Trademark Violation”. A new version of the plugin was submitted today with the changelog “Sanitize $_REQUEST”. Looking at the changes made we found that at least a reflected cross-site scripting (XSS) vulnerability was fixed.
…