WordPress Themify Portfolio Post plugin <= 1.1.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Back

Product: Themify Portfolio Post
Description: Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Nguyen Anh Tien (SunCSR) in WordPress Themify Portfolio Post plugin (versions <= 1.1.5).
Solution: Update the WordPress Themify Portfolio Post plugin to the latest available version (at least 1.1.6).
Classification: Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References: Plugin changelog
CVE: Name CVE-N/A
Versions: Affected In <= 1.1.5
Fixed In 1.1.6
Disclosure date: 2020-12-04
Credits: Nguyen Anh Tien (SunCSR)

ThreatPress