ThreatPress

WordPress Vulnerabilities Database

Back

WordPress All In One Carousel Plugin <= 1.2.20 - Reflected XSS

Product
All In One Carousel
Description
This plugin is prone to a reflected cross site scripting vulnerability in /tpl/add_carousel.php id parameter.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
SecLists
CVE
Name CVE-N/A
Versions
Affected In <= 1.2.20
Fixed In 1.2.21
Disclosure date
2014-08-01