Two weeks ago a user, yuyang998, on the wordpress.org Support Forum disclosed that the plugin Post Logo has a reflected cross-site scripting (XSS) vulnerability. On the thread for one of their others disclosures, we asked if they would be disclosing the details of them somewhere and didn’t get an answer in their response, so we will go ahead and provide the details of what appears to be the vulnerability that they were referring to.

…

[Read more]