22 matches found
ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Create a new vision item with whatever role, even if it's an Administrator. 2. Connec...
WordPress ImageLinks Interactive Image Builder plugin <= 1.5.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress ImageLinks Interactive Image Builder plugin versions = 1.5.2. Solution Update the WordPress ImageLinks Interactive Image Builder plugin to the latest available version at least 1.5.3...