CVE-2024-6020 Information

Description

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs as well as the $_SERVER[‘REQUEST_URI’] parameter before outputting them back in attributes which could lead to Reflected Cross-Site Scripting.

Reference

https://wpscan.com/vulnerability/f3526320-3abd-4ddb-8f73-778741bd9c48/