The Page Restriction plugin for WordPress (WP) versions before 1.2.7 can be exploited by people with administrator access to the settings page. They can add malicious Javascript code to the settings which will be stored and can only affect other administrators. This is called Cross-Site Scripting.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
