The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CPE | Name | Operator | Version |
---|---|---|---|
text-hover | eq | 3.9.1 | |
text-hover | eq | 3.0.3 | |
text-hover | eq | 3.5 | |
text-hover | eq | 3.1.1 | |
text-hover | eq | 3.0.1 | |
text-hover | eq | 3.7.1 | |
text-hover | eq | 3.0.2 | |
text-hover | eq | 3.2 | |
text-hover | eq | 4.0 | |
text-hover | eq | 3.5.1 |