25 Apr

Reflected Cross-Site Scripting (XSS) Vulnerability in User Role by BestWebSoft

We recently discovered the User Role by BestWebSoft plugin had a reflected cross-site scripting (XSS) vulnerability. In version 1.5.1, and some prior versions, the file /user-role.php was echoing a GET or POST variable without escaping it. That occurred on line 233:

[Read more]