WordPress XEN Carousel Plugin <= 0.12.2 - Multiple XSS

Because of these multiple vulnerabilities in xencarousel-admin.js.php, the attackers can inject arbitrary web script or HTML via the “ajaxpath” or “path” parameter.

Solution

           Update the plugin.