From this webpage screenshot, the following key vulnerability information can be obtained: 1. Plugin Name: Sign-up Sheets < 2.2.13 2. Vulnerability Type: Reflected XSS 3. Description: The plugin does not properly escape generated URLs and parameters, which may lead to reflected cross-site scripting attacks. 4. PoC (Proof of Concept): - Open the sign-up form using a specific URL, requiring a valid form ID. - Open the browser using a specific URL without encoding characters. 5. Affected Plugin: sign-up-sheets 6. Fix Status: Fixed in version 2.2.13. 7. References: - CVE ID: None - OWASP Top 10: A7: Cross-Site Scripting (XSS) - CWE ID: CWE-79 8. Additional Information: - Original Researcher: Bob Matyas - Submitter: Bob Matyas - Submitter Website: https://www.bobmatyas.com - Submitter Twitter: bobmatyas - Verification Status: Verified - WPVDB ID: f3526320-3abd-4ddb-8f73-778741bd9c48 - Publication Date: 2024-08-13 - Added Date: 2024-08-13 - Last Updated: 2024-08-13 - Related Vulnerabilities: - EventON < 4.4.1 - Reflected Cross-Site Scripting - DethemeKit For Elementor < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets - Download Manager <= 2.9.93 - Authenticated Cross-Site Scripting (XSS) - BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting - Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting This information helps understand the nature, scope of impact, and exploitation methods of the vulnerability.