The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.
CPE | Name | Operator | Version |
---|---|---|---|
optinmonster | lt | 2.6.1 |