Can you explain this vulnerability to me?

The Electric Enquiries plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the 'button' parameter of the electric-enquiry shortcode. This vulnerability exists in all versions up to and including version 1.1. It is caused by insufficient input sanitization and output escaping, which allows authenticated users with Contributor-level access or higher to inject arbitrary web scripts into pages.

These injected scripts will execute whenever any user accesses the affected page, potentially compromising the security of the website and its users.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can allow attackers with Contributor-level access or higher to inject malicious scripts into web pages. These scripts execute in the context of users visiting the infected pages, which can lead to theft of user credentials, session hijacking, defacement, or distribution of malware.

Because the vulnerability is a Stored Cross-Site Scripting issue, the malicious code persists on the site and affects all users who view the compromised content.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

I don't know

Useful 0 Not Useful 0