09 Jun

Authenticated Persistent Cross-Site Scripting (XSS) in WP Posts Carousel

Recently we found that the plugin WP Posts Carousel has an authenticated persistent cross-site scripting (XSS) vulnerability due to a lack of sanitation or escaping when shortcode attributes are output in Javascript code generated by the plugin.

[Read more]