CVE-2019-12934
The wp-code-highlightjs plugin for WordPress (≤0.6.2) is vulnerable to CSRF that enables stored XSS via the hljs_additional_css parameter in wp-admin/options-general.php?page=wp-code-highlight-js. Root cause: lack of CSRF protection in admin settings. Impact: authenticated attacker can inject XSS...
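
A hardened form of the kind of settings handler the description points to, added here as an example and not taken from the plugin's source. The function names, the nonce action and field, and the use of hljs_additional_css as the stored option name are assumptions; the WordPress API calls are real.

```php
<?php
// Added example. Hypothetical names: hljs_example_*, HLJS_NONCE_ACTION, hljs_nonce.
// Only the hljs_additional_css field name comes from the advisory text.

const HLJS_NONCE_ACTION = 'hljs_save_settings'; // assumed nonce action name

// Render the settings form with a nonce tied to the current user and session.
function hljs_example_render_form() {
    $css = get_option( 'hljs_additional_css', '' ); // assumed option name
    echo '<form method="post">';
    wp_nonce_field( HLJS_NONCE_ACTION, 'hljs_nonce' );
    echo '<textarea name="hljs_additional_css">' . esc_textarea( $css ) . '</textarea>';
    submit_button();
    echo '</form>';
}

// Save handler: a request without a valid nonce and capability changes nothing.
function hljs_example_save_settings() {
    if ( ! isset( $_POST['hljs_additional_css'] ) ) {
        return; // not a settings submission
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies if the nonce is missing or invalid, so a forged cross-site POST
    // sent from an administrator's browser stops here (the CSRF half).
    check_admin_referer( HLJS_NONCE_ACTION, 'hljs_nonce' );

    // The field is meant to hold CSS only: remove any markup before storing
    // (the stored XSS half).
    $css = wp_strip_all_tags( wp_unslash( $_POST['hljs_additional_css'] ) );
    update_option( 'hljs_additional_css', $css );
}
add_action( 'admin_init', 'hljs_example_save_settings' );

// Front-end output: strip again so values stored before the fix are also
// neutralised and cannot close the <style> element.
function hljs_example_print_css() {
    $css = get_option( 'hljs_additional_css', '' );
    if ( '' === $css ) {
        return;
    }
    echo '<style id="hljs-additional-css">' . wp_strip_all_tags( $css ) . '</style>';
}
add_action( 'wp_head', 'hljs_example_print_css' );
```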