Vulnerability in Zebra_Form PHP Library Affects Multiple WordPress Plugins
https://blog.wpscan.comThe WPScan security research team identified an Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability within the Zebra_Form PHP library, which is used by multiple WordPress plugins. At the time of writing, despite contacting the vendor multiple times, the latest version of Zebra_Form, version 2.9.8, is still affected.
The following plugins were found to use the vulnerable Zebra_Form PHP library:
- wp-ticket < 5.6.0
- teaser-maker-standard <= 0.1.114 (latest, has been closed)
- ad-swapper <= 1.0.3 (latest, has been closed)
- drug-search <= 1.0.0 (latest, has been closed)
- wp-inimat <= 1.0 (latest, has been closed)