The plugin allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks because the image_class parameter of the browser-shot shortcode was not escaped.
Add the following shortcode to a page, then view the page (either published or as a preview) to trigger the XSS: [browser-shot url="https://example.com" image_class='" onload="alert(origin)']
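The root cause and its fix, as an added illustration that is not the plugin's own code: the function names and the markup are hypothetical, and the script runs under the PHP CLI. Inside WordPress, esc_attr(), esc_url() and sanitize_html_class() fill the roles of the helpers used here.

```php
<?php
// Added illustration: a hypothetical shortcode-style renderer, not the plugin's source.

// Vulnerable pattern: attribute values are concatenated into the tag unescaped,
// so a double quote in image_class closes class="..." and starts a new attribute.
function render_shot_vulnerable(array $atts): string
{
    $atts += ['url' => '', 'image_class' => 'alignnone'];
    return '<img src="' . $atts['url'] . '" class="' . $atts['image_class'] . '" />';
}

// Hardened pattern: validate the URL scheme, restrict class tokens to a safe
// alphabet, then encode every value for the HTML attribute context.
function render_shot_hardened(array $atts): string
{
    $atts += ['url' => '', 'image_class' => 'alignnone'];

    $url    = (string) $atts['url'];
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return ''; // refuse anything that is not a plain web URL
    }

    // Keep only [A-Za-z0-9_-] in each whitespace-separated class token.
    $tokens = preg_split('/\s+/', trim((string) $atts['image_class']), -1, PREG_SPLIT_NO_EMPTY);
    $tokens = array_map(fn($t) => preg_replace('/[^A-Za-z0-9_-]/', '', $t), $tokens);
    $class  = implode(' ', array_filter($tokens, 'strlen'));

    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<img src="' . htmlspecialchars($url, $flags, 'UTF-8')
         . '" class="' . htmlspecialchars($class, $flags, 'UTF-8') . '" />';
}

// Attributes as parsed from the shortcode in the proof of concept above.
$atts = ['url' => 'https://example.com', 'image_class' => '" onload="alert(origin)'];

// First line: the quote escapes the class attribute and onload becomes live markup.
echo render_shot_vulnerable($atts), PHP_EOL;
// Second line: the same input stays inside class="..." as inert text.
echo render_shot_hardened($atts), PHP_EOL;
```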
apple502j
apple502j
Yes
2021-06-21 (about 1 year ago)
2021-06-21 (about 1 year ago)
2021-06-25 (about 1 year ago)