WordPress website owners should be aware of a high severity Cross-Site Scripting (XSS) vulnerability identified in the Molongui Plugin. This security flaw poses significant risks to WordPress security, potentially enabling a malicious actor to inject harmful scripts into your website. These malicious scripts, including redirects, advertisements, and other HTML payloads, could be executed when visitors access the affected site. Immediate action is essential to the website from potential exploits.

The vulnerability was discovered and responsibly reported by LEE SE HYOUNG (hackintoanetwork), underlining the importance of vigilant security practices in the WordPress ecosystem.


This XSS vulnerability has been assigned a CVSS 3.1 score of 7.1, signifying its high severity and the substantial likelihood of exploitation.

Affected Versions:

At present, no patched version of the Molongui Plugin is available. Furthermore, there has been no response from the vendor regarding this vulnerability.


Exploiting this XSS vulnerability empowers malicious actors to inject harmful scripts into your website, posing numerous risks, such as:

  • Unauthorized redirection of visitors to malicious websites.
  • Injection of unwanted advertisements, disrupting the user experience.
  • Execution of arbitrary scripts that may compromise user data or website functionality.


Given the high severity of this vulnerability and the absence of a patched version, immediate action is vital to protect the WordPress website:

  1. Temporary Deactivation: For the Molongui Plugin, consider temporarily deactivating it until a fix is released. This can mitigate the risk of potential exploitation.
  2. Monitor Updates: Keep a close eye on plugin updates. Once a patched version becomes available, promptly update the Molongui Plugin to ensure the website’s security.
  3. Alternative Plugins: Explore reputable alternative plugins for similar functionalities that actively receive updates and are maintained by trusted developers.
  4. Security Best Practices: Implement security best practices, such as strong passwords, regular backups, and two-factor authentication, to enhance your overall WordPress security.