The plugin lacks a CSRF check in its admin_update_data() function, which could allow attackers to make a logged-in admin call it and perform Stored Cross-Site Scripting attacks, due to the lack of sanitisation and escaping in the processed user input.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | mobile-browser-color-select | eq | * |
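
The three controls the description says are missing (a CSRF nonce check, input sanitisation and output escaping), shown in a hardened settings handler; this is an added example, not the plugin's own code. The `mbcs_*` function names, the `mbcs_color` option and field, the `mbcs_update` action and the assumption that the stored setting is a hex colour are all hypothetical.

```php
<?php
// Added example: hypothetical handler, NOT the plugin's code.
// Assumed names: mbcs_* functions, 'mbcs_color' option/field, 'mbcs_update' action.

// Settings form: embeds a nonce bound to the current user and this action.
function mbcs_render_form() {
    $color = get_option( 'mbcs_color', '#ffffff' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="mbcs_update">';
    wp_nonce_field( 'mbcs_update', 'mbcs_nonce' );
    // Escape on output even though the value was validated on input.
    echo '<input type="text" name="mbcs_color" value="' . esc_attr( $color ) . '">';
    submit_button();
    echo '</form>';
}

function mbcs_admin_update_data() {
    // 1. Authorisation: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: stops the request if the nonce is missing or invalid,
    //    so a forged cross-site POST never reaches update_option().
    check_admin_referer( 'mbcs_update', 'mbcs_nonce' );

    // 3. Sanitisation: accept only #rgb / #rrggbb, reject everything else.
    $raw   = isset( $_POST['mbcs_color'] ) ? wp_unslash( $_POST['mbcs_color'] ) : '';
    $color = is_string( $raw ) ? sanitize_hex_color( trim( $raw ) ) : null;
    if ( empty( $color ) ) {
        wp_die( 'Invalid colour value', '', array( 'response' => 400 ) );
    }

    update_option( 'mbcs_color', $color );
    wp_safe_redirect( admin_url( 'options-general.php?page=mbcs' ) );
    exit;
}
// Runs only for logged-in users posting action=mbcs_update to admin-post.php.
add_action( 'admin_post_mbcs_update', 'mbcs_admin_update_data' );
```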