logo
DATABASE RESOURCES PRICING ABOUT US

ThirstyAffiliates < 3.9.3 - Authenticated Stored XSS

Description

The ThirstyAffiliates Affiliate Link Manager WordPress plugin was vulnerable to authenticated stored Cross-Site Scripting (XSS). An authenticated attacker, such as an author, could attach an image with malicious JavaScript as its title, which would be executed once viewed by an administrator user.


Related