关键信息 漏洞名称: WordPress WP Post Modules for Elementor Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS) 优先级: Medium 受影响版本: <= 2.5.0 修复状态: No official fix available 风险: CVSS 7.1 描述: This vulnerability is moderately dangerous and expected to become exploited. It could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. 解决方案: Automatically mitigate vulnerabilities and keep your websites safe using Patchstack's virtual patch. 时间线: - Reported by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) on 25 May 2023 - Early warning sent to Patchstack customers on 20 May 2023 - Published by Patchstack on 22 May 2023