One of the changelog entries for a recent version of Avartan Slider Lite was “Fixed: Security issues” and then it was changed to “Fixed: minor bug fix” a week later. Looking at the changes made in that version there were many security related changes. We ran the previous version through our Plugin Security Checker to see if it would identify possible vulnerabilities which we could further look into. Through that we found that there was at least a reflected cross-site scripting (XSS) vulnerability fixed in the new version.

…

[Read more]