DebateMaster Plugin Vulnerability

MEDIUM (4.4) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 9%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The DebateMaster plugin is a WordPress plugin used for debate-related features. It allows users to create and manage debates on their websites. However, due to insufficient input sanitization and output escaping, attackers can inject arbitrary web scripts in pages that will execute whenever a user accesses a page with the debate shortcode.

Am I affected?

You're affected if you use DebateMaster. The advisory does not state specific affected versions.

Affected Products

WordPress.org / DebateMaster

How to fix

To fix this vulnerability, you can:

  1. Immediately disable the DebateMaster plugin in your WordPress installation.
  2. Update to a patched version of the plugin (version 1.0.1 or later) from the official WordPress plugin repository: https://wordpress.org/plugins/debatemaster/
  3. If you cannot update immediately, consider using immediate mitigations such as:
     - Disabling unfiltered_html in your WordPress settings
     - Removing stored cron jobs using wp-cron --delete
     - Monitoring for suspicious activity and logging access to the debate shortcode
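
A triage script for the monitoring step above, as an added example that is not part of the advisory or the plugin's code: it scans stored post content for the debate shortcode and flags attribute values that contain markup, inline event handlers or script URIs, for manual review. The tag name `debate`, the simplified attribute grammar and the sample rows are assumptions; the advisory does not name the shortcode tag or the vulnerable attribute.

```python
import html
import re

# Assumed tag name: the advisory only refers to "the debate shortcode".
SHORTCODE_TAG = "debate"
# Simplified attribute grammar (name="v", name='v', name=v); not WordPress's own parser.
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
# Content that a plain-text shortcode attribute should not carry.
SUSPICIOUS = [
    ("markup character", re.compile(r"[<>]")),
    ("inline event handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("script URI scheme", re.compile(r"\b(?:javascript|vbscript)\s*:", re.I)),
]

# Constructed sample rows standing in for (ID, post_content) pairs from wp_posts.
SAMPLE_POSTS = [
    (101, 'Intro text [debate id="7" title="School uniforms"] outro'),
    (102, '[debate id="8" title="<script>/* constructed */</script>"]'),
    (103, "[debate id=9 theme='x\" onmouseover=\"y']"),
    (104, "No shortcode here, just <b>bold</b> text."),
]

def audit_post(post_id, content, tag=SHORTCODE_TAG):
    """Return findings for one post as (post_id, attribute, reason, raw value)."""
    findings = []
    shortcode_re = re.compile(r"\[" + re.escape(tag) + r"(?=[\s\]])([^\]]*)\]", re.I)
    for sc in shortcode_re.finditer(content):
        for m in ATTR_RE.finditer(sc.group(1)):
            raw = next(g for g in m.groups()[1:] if g is not None)
            value = html.unescape(raw)  # also check entity-encoded values
            for reason, pattern in SUSPICIOUS:
                if pattern.search(value):
                    findings.append((post_id, m.group(1), reason, raw))
                    break  # one finding per attribute is enough for triage
    return findings

def audit_all(posts=SAMPLE_POSTS):
    """Audit every (post_id, content) pair and return the combined findings."""
    return [f for pid, body in posts for f in audit_post(pid, body)]

if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Findings are leads for manual review, not proof of compromise; HTML outside the shortcode, as in sample post 104, is deliberately ignored.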