Many add-ons for WordPress are at risk for Stored Cross-Site Scripting because of a library called prettyPhoto (version 3.1.6) that is included in the add-on. This is because the add-on does not properly check and protect against harmful code from users. This means that people with contributor or higher access can insert harmful code into pages, which will run whenever someone views the page.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)
