The changelog for the latest version of Browser Shots is “Fix possible XSS vulnerability as reported by WPScan.” After looking into this we don’t why it is referred to as a “possible” vulnerability, since it is a vulnerability. Specifically, it is an authenticated persistent cross-site scripting (XSS) vulnerability.

…

[Read more]