The plugin is vulnerable to Reflected Cross-Site Scripting via the f and t parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts.
CPE | Name | Operator | Version |
---|---|---|---|
border-loading-bar | eq | * |