Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) in Animate It!
The changelog entry for two of the three latest releases of the plugin Animate It! is “Security fixes for XSS related vulnerability.”, though neither of them looks to have actually fixed a vulnerability. The most recent version’s changelog is “Security related fixes.” and that version actually fixed a vulnerability connected with the code being changed in the previous two releases. The vulnerability could allow an attacker to get someone logged in to WordPress as an Administrator to cause malicious JavaScript code to be displayed on admin pages.
...
This post provides insights on a vulnerability in the WordPress plugin Animate It! that was not discovered by us. The discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of the post's contents are limited to subscribers of our service.