3D Cover Carousel <= 1.0 - Reflected Cross-Site Scripting

2021-09-08T00:00:00
ID WPVDB-ID:37E84BDD-6C93-4F62-B2A3-3CC39FE0D7E0
Type wpvulndb
Reporter wpvulndb
Modified 2021-09-09T10:58:30

Description

The plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts.