A stored cross-site scripting (XSS) vulnerability was discovered in the MainWP WordPress plugin. The vulnerability was found in the "Add Contact" > Contact Name field, where user input was not properly sanitized before rendering it back into the DOM. As a result, an attacker could inject malicious JavaScript payloads that would be executed in the browser of any user, typically an administrator, who viewed the infected client…Read More
MainWP: Stored Cross-Site Scripting (XSS) in “Add Contact” Name Field – MainWP Plugin
