Floating Social Bar 1.1.5 XSS

Everyone can access saveorder. File: floating-social-bar\class-floating-social-bar.php addaction 'wpajaxfsbsaveorder', array $this, 'saveorder' ; addaction 'wpajaxnoprivfsbsaveorder', array $this, 'saveorder' ; $REQUEST'items' is not escaped. File: floating-social-bar\class-floating-social-bar.ph...

WordPress Floating Social Bar Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in the 'saveorder' function in the class-floating-social-bar.php script in versions of the...