From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Plugin Name: WP eStore < 8.5.6 2. Vulnerability Type: Reflected XSS in Product Editing 3. Description: The plugin does not sanitize or escape output parameters, leading to a reflected cross-site scripting (XSS) vulnerability that could be exploited by users with high privileges. 4. PoC (Proof of Concept) example code: 5. Affected Plugin: wp-cart-for-digital-products 6. Fix Status: Fixed in version 8.5.6. 7. References: - CVE: None - OWASP Top 10: A7: Cross-Site Scripting (XSS) - CWE: CWE-79 8. Additional Information: - Original Researcher: Bob Matyas - Submitter: Bob Matyas - Submitter Website: https://www.bobmatyas.com - Submitter Twitter: bobmatyas - Verification Status: Yes - WPVDB ID: 34d61f7e-90eb-4a64-a8a7-18f2d6518118 - Publication Date: 2024-07-19 - Added Date: 2024-07-19 - Last Updated: 2024-07-19 - Other Vulnerabilities Listed: - Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting - Login Rebuilder < 2.8.1 - Admin+ Stored XSS - Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting - WP Google Maps Pro < 8.1.12 - Multiple Admin+ Stored Cross-Site Scripting - Essential Real Estate < 4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode This information helps understand the vulnerability's details, scope of impact, and how to remediate it.