This vulnerability allows an attacker to inject arbitrary web script or HTML via the “items[]” parameter in an fsb_save_order action to wp-admin/admin-ajax.php.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
floating social bar | le | 1.1.5 |