Description The plugin does not correctly sanitize and escape user-supplied attributes in the ‘spice_post_slider’ shortcode. This oversight could lead to the injection of arbitrary web scripts into pages that will execute whenever accessed by a user.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 2.1 |