| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| wpglobus/wpglobus | composer | <= 1.9.6 | 1.9.7 |

The vulnerability stems from improper input sanitization in the plugin's options handling. Because the attack vector is wp-admin/options.php (WordPress' core options storage handler), the plugin-specific flaw must lie in how it processes the 'wpglobus_option' array during save operations. The plugin's options management class (likely in a file like class-wpglobus-options.php) would be responsible for sanitizing the 'more_languages' parameter before storage. The lack of output encoding when this option value is rendered is what leads to stored XSS. Confidence is high because the vulnerable parameter correlates directly with WordPress' options update pattern, even without seeing the exact code diff.
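
The two controls named above, sanitizing 'more_languages' on save and encoding it on output, sketched as an added example that is not WPGlobus code or its 1.9.7 patch. The function names, the option group and the assumption that the value is a comma-separated list of language codes are all hypothetical.

```php
<?php
// Added example: hypothetical helper names, not taken from the plugin.

// Sanitize on save. Assumption: 'more_languages' holds language codes
// such as "en,pt_BR", so an allow-list is stricter than stripping tags.
function example_sanitize_wpglobus_option($input) {
    $input = is_array($input) ? $input : array();
    if (isset($input['more_languages'])) {
        $raw = is_string($input['more_languages']) ? $input['more_languages'] : '';
        $codes = array();
        foreach (explode(',', $raw) as $code) {
            $code = trim($code);
            if (preg_match('/^[A-Za-z]{2,3}(?:[_-][A-Za-z]{2,4})?$/', $code)) {
                $codes[] = $code; // keep only tokens shaped like a language code
            }
        }
        $input['more_languages'] = implode(',', $codes);
    }
    return $input;
}

// Encode on output, even though the value was sanitized when stored:
// rows written before the fix, or by other code paths, may still be hostile.
function example_render_more_languages($options) {
    $value = isset($options['more_languages']) ? (string) $options['more_languages'] : '';
    $escaped = function_exists('esc_attr')
        ? esc_attr($value)
        : htmlspecialchars($value, ENT_QUOTES, 'UTF-8'); // fallback outside WordPress
    return '<input type="text" name="wpglobus_option[more_languages]" value="' . $escaped . '">';
}

if (function_exists('add_action')) {
    // Inside WordPress: options.php runs the callback before the option is stored.
    add_action('admin_init', function () {
        register_setting('example_wpglobus_group', 'wpglobus_option', array(
            'sanitize_callback' => 'example_sanitize_wpglobus_option',
        ));
    });
} else {
    // Stand-alone run with constructed sample input (php example.php).
    $legacy = '"><script>alert(1)</script>';
    $clean  = example_sanitize_wpglobus_option(array('more_languages' => 'en, pt_BR, ' . $legacy));
    echo $clean['more_languages'], "\n";
    echo example_render_more_languages(array('more_languages' => $legacy)), "\n";
}
```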