WordPress Responsive Thumbnail Slider 1.0 - Stored Cross-Site Scripting (XSS) & CSRF
The original advisory states that this vulnerability is exploitable with the editor and author roles, but this is incorrect. By default, only the administrator role can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor.
| OWASP Top 10 | A7: Cross-Site Scripting (XSS) |
| Publicly Published | 2015-08-28 (over 4 years ago) |
| Added | 2015-09-02 (over 4 years ago) |
| Last Updated | 2019-10-25 (3 months ago) |