The changelog entry for two of the three latest releases of the plugin Animate It! are “Security fixes for XSS related vulnerability.”, though neither of them look to have actually fixed a vulnerability. The most recent version’s changelog is “Security related fixes.” and that version actually fixed a vulnerability connected with the code being changed in the previous two releases. The vulnerability could allow an attacker to cause someone logged in to WordPress as an Administrator to cause malicious JavaScript code to be displayed on admin pages.

…

[Read more]