Because of these vulnerabilities in the wp_ajax_save_item function, the attackers can inject arbitrary web script or HTML via the “item[name]” or “item[customcss]” parameters in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php.
Upgrade the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
audio player | le | 2.0 |