WordPress Responsive Thumbnail Slider 1.0 - Stored Cross-Site Scripting (XSS) & CSRFSign up to our free email alerts service for instant vulnerability notifications!
The original advisory states that this vulnerability is exploitable with editor and author roles but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor.
|OWASP Top 10||A3: Cross-Site Scripting (XSS)|
|Publicly Published||2015-08-28 (about 1 year ago)|
|Added||2015-09-02 (about 1 year ago)|
|Last Updated||2015-12-20 (10 months ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|