MEDIUM
Rockhoist Badges Project
CVE published 2017-03-02
CVE-2017-6102
CVE-2017-6102 describes a persistent cross-site scripting (XSS) issue in the Rockhoist Badges WordPress plugin version 1.2.2. NVD assigns it CVSS 3.0 vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which indicates network reachability, no privileges required, and user interaction needed before impact occurs. Because the weakness is CWE-79, the main concern is that attacker-controlled content can be stored and [truncated]