WordPress Tooltipy 5.0-Cross Site Scripting

Summary

WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases. WordPress is a personal blog system, and gradually evolved into a content management system software, which is developed using PHP language and MySQL database. Users can use their own blogs on servers that support PHP and MySQL databases.
This plugin Tooltipy allows you automatically create responsive tooltip boxes for your technical keywords in order to explain them for your site visitors making surfing more comfortable.Tootipy contains reflected XSS in the [kttg_glossary] shortcode meaning that admin usersa browsers can be hijacked by anybody who sends them a link. The hijacked browser can be made to do almost anything an admin user can normally do.

Solution

1.At present, the manufacturer has not provided a patch or an upgrade procedure. We recommend that users who use this software keep an eye on the vendor's homepage to obtain the latest version:https://wordpress.org/plugins/bluet-keywords-tooltip-generator/
2.Customers who buy the next-generation firewall of Sangfor can turn on the WAF defense module to easily defend against such vulnerabilities