2 matches found
CVE-2018-6194
The CVE-2018-6194 entry describes a Cross-Site Scripting (XSS) vulnerability in WordPress Splashing Images plugin (wp-splashing-images) versions before 2.1.1. The flaw is in admin/partials/wp-splashing-admin-sidebar.php where the search parameter is echoed directly into the value attribute of an ...
WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection
Product: WordPress Splashing Images Plugin - https://wordpress.org/plugins/wp-splashing-images/ Vendor: Studio Espresso Tested version: 2.1 CVE ID: CVE-2018-6194 :: CVE description :: A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the...