CVE-2021-38318

CVE-2021-38318 concerns the WordPress plugin “3D Cover Carousel” (versions ≤ 1.0). The vulnerability is a Reflected Cross-Site Scripting (XSS) via the id parameter in ~/cover-carousel.php, enabling injection of arbitrary scripts. Affected component is the plugin’s PHP code handling the id input; ...