OPSI Israel Domestic Shipments WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the OPSI Israel Domestic Shipments WordPress plugin, affecting versions through 2.6.3. The issue arises because the plugin fails to properly sanitize and escape a parameter before displaying it on the page. This vulnerability could be exploited against users with high privileges, such as administrators.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, which could be used to target high-privilege users like admins.

Remediation

Users are advised to update the OPSI Israel Domestic Shipments WordPress plugin to version 2.6.6 or later.