One of the changelog entries for the latest version of WP 1 Slider is “Fix security issues.” Looking at the changes made we found that sanitization was being added, though some of the code involved didn’t seem to make sense. In testing things out to try to understand how the code work we found that the sanitization added didn’t fully resolve the issue and there is still an authenticated persistent cross-site scripting (XSS) vulnerability in the new version.

…

[Read more]