The Roles & Capabilities plugin for WordPress has a security problem called Reflected Cross-Site Scripting. This is because it uses add_query_arg on the URL without properly protecting it. This allows people who are not logged in to the website to insert harmful code onto the page if they can trick someone into clicking on a link.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
