The plugin does not perform a CSRF check when saving its slide settings, and it also lacks sanitisation and escaping for some of them. This could allow an attacker to make a logged-in admin change those settings via a CSRF attack and place Cross-Site Scripting payloads in them.
CPE | Name | Operator | Version |
---|---|---|---|
banner-cycler | eq | * |
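
The three controls the description says are missing (request verification on save, sanitisation on input, escaping on output), shown together as an added example that is not the plugin's own code. The action, nonce, option, page and field names are hypothetical; the WordPress functions are core APIs.

```php
<?php
// Hypothetical names throughout: the action, nonce, option, page and field
// names are illustrative and are not taken from the banner-cycler plugin.
const EX_ACTION = 'ex_save_slide';
const EX_NONCE  = 'ex_slide_nonce';
const EX_OPTION = 'ex_slide_settings';

// Render the settings form with a nonce; escape stored values for their output context.
function ex_render_slide_form() {
    $defaults = array( 'title' => '', 'link' => '', 'delay' => 5 );
    $s        = wp_parse_args( get_option( EX_OPTION, array() ), $defaults );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EX_ACTION ); ?>">
        <?php wp_nonce_field( EX_ACTION, EX_NONCE ); ?>
        <input type="text" name="title" value="<?php echo esc_attr( $s['title'] ); ?>">
        <input type="url" name="link" value="<?php echo esc_url( $s['link'] ); ?>">
        <input type="number" name="delay" value="<?php echo esc_attr( $s['delay'] ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler: authorise the user, verify the nonce, then sanitise before storing.
function ex_save_slide() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ), 403 );
    }
    // Stops the request when the nonce is missing or invalid, so a form
    // submitted from another site on the admin's behalf is rejected.
    check_admin_referer( EX_ACTION, EX_NONCE );

    $in = wp_unslash( $_POST );
    update_option( EX_OPTION, array(
        'title' => sanitize_text_field( $in['title'] ?? '' ), // strips tags
        'link'  => esc_url_raw( $in['link'] ?? '' ),          // drops disallowed URL schemes
        'delay' => absint( $in['delay'] ?? 5 ),               // non-negative integer only
    ) );

    wp_safe_redirect( admin_url( 'admin.php?page=ex-slides&updated=1' ) );
    exit;
}
add_action( 'admin_post_' . EX_ACTION, 'ex_save_slide' );
```

Sanitising on save does not replace escaping on output: any front-end template that prints these settings needs the same `esc_attr()`, `esc_url()` or `esc_html()` call that matches where the value lands.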