The User Notes plugin for WordPress has a security issue. In versions 1.0.1 and earlier, it is possible for users with access to add user notes to put malicious web scripts in the ‘user_notes_note’ parameter. If a victim visits the profile page of someone with one of these malicious user notes, the malicious web scripts may run on their computer.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
