WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Dynamic Widgets plugin prior to 1.5.16, which stems from the fact that the plugin does not translate prefix parameters before they are exported back to properties. Any authenticated attacker could use this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress dynamic widgets plugin | lt | 1.5.16 |