CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation league-of-legends-rotation allows Stored XSS.This issue affects WP LOL Rotation: from n/a through <= 1.0.
Explanation of Vulnerability in Simple Terms
WP LOL Rotation versions 1.0 and earlier contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts. When a victim visits a page containing the injected content, the script executes in their browser, potentially compromising their session or stealing sensitive data. The vulnerability requires user interaction and affects the integrity and confidentiality of site visitors.
What an attacker can do
Inject malicious JavaScript that executes in other users' browsers when they view affected pages.
Potential impact on your site
Authenticated users can inject scripts that compromise visitor sessions, steal credentials, or deface content visible to other users.
Conditions required to exploit
Attacker must have a low-privilege account (e.g., subscriber or contributor) and the victim must visit a page containing the injected payload.
Key dates
External resources
Related vulnerabilities
