From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Plugin Name: House Manager <= 1.0.8.4
2. Vulnerability Type: Reflected XSS
3. Description: The plugin does not sanitize or escape output parameters, leading to a reflected cross-site scripting vulnerability that may be exploited by users with high privileges.
4. PoC: Administrators can verify the vulnerability by accessing the following URL:
5. Affected Plugin: House Manager
6. CVE ID: CVE-2024-3973
7. OWASP Top 10: A7: Cross-Site Scripting (XSS)
8. CWE ID: CWE-79
9. Original Researcher: Bob Matyas
10. Submitter: Bob Matyas
11. Submitter Website: https://www.bobmatyas.com
12. Submitter Twitter: bobmatyas
13. Verified: Yes
14. WPVDB ID: 8c6ce66e-091a-41da-a13d-5f80cadb499a
15. Public Release Date: 2024-07-16
16. Added Date: 2024-07-09
17. Last Updated Date: 2024-07-09
18. Related Vulnerabilities:
    - WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
    - Save as PDF plugin by Pdfcrowd < 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
    - Amazing Hover Effects <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
    - YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS
    - PWA for WP <= 1.0.8 - XSS

This information helps understand the vulnerability’s details, scope of impact, and how to verify and remediate it.