The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized
CPE | Name | Operator | Version |
---|---|---|---|
social_slider_widget | lt | 1.8.5 |