Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the “buffercode_RBanner_url_banner1” parameter in an update action to wp-admin/options.php.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
random banner | le | 1.1.2.1 |