WordPress Rotating Tweets plugin <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Rotating Tweets versions = 1.9.10...

PT-2024-34624 · WordPress · Rotating Tweets

Name of the Vulnerable Software and Affected Versions: Rotating Tweets plugin for WordPress versions up to, and including, 1.9.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'rotatingtweets' due to insufficient input sanitization and output escaping on...