Key information

Vulnerability name: WordPress IGIT Related Posts With Thumb Image After Posts Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS)
Priority: Medium
Risk level: CVSS 6.5
Affected versions: <= 4.5.3
Fix status: No official fix available
Vulnerability type: Cross Site Scripting (XSS)

Risk description

This vulnerability is moderately dangerous and is expected to be exploited. It could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads, into your website, which will be executed when guests visit your site.

Solution

We advise mitigating or resolving the vulnerability immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available.

Timeline

Reported by jchsk on 07 Apr 2025
Early warning sent out to Patchstack customers on 02 May 2025
Published by Patchstack on 08 May 2025