关键信息 漏洞名称: WordPress xili-tidy-tags Plugin <= 1.12.06 is vulnerable to Cross Site Scripting (XSS) 优先级: Medium CVSS评分: 7.1 风险: This vulnerability is moderately dangerous and expected to become exploited. 受影响版本: <= 1.12.06 修复状态: No official fix available 报告日期: 22 Mar 2025 早期预警发送日期: 08 May 2025 发布日期: 10 May 2025 解决方案: Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. 漏洞详情 类型: Cross Site Scripting (XSS) 描述: This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. 时间线 报告: Nguyen Xuan Chien on 22 Mar 2025 早期预警: Sent to Patchstack customers on 08 May 2025 发布: By Patchstack on 10 May 2025