Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML in an add_delivery_method action to wp-admin/admin-ajax.php via 4 parameters: “name”, “intl”, “nocod”, or “time parameter”.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
foliopress wysiwyg | le | 1.3.12 |