WordPress The Great Firewords of China Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WordPress plugin 'The Great Firewords of China', affecting versions through 1.2. This vulnerability arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page, potentially leading to unauthorized actions or data exposure.

Remediation

Users of the WordPress 'The Great Firewords of China' plugin are advised to update to version 1.2 or later, where this vulnerability has been addressed. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate the vulnerability until an official update is available.