WordPress Plugin Vulnerabilities
Thumbnail Carousel Slider < 1.0.1 - Stored Cross-Site Scripting (XSS) & CSRF
Description
The original advisory states that this vulnerability is exploitable with the editor and author roles, but this is incorrect: by default, only the administrator role can trigger it.
However, a CSRF weakness on the plugin's image upload form means a malicious actor can still exploit the stored XSS by getting an administrator to submit the form.
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
Arash Khazaei
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2015-08-28
Added
2015-09-02
Last Updated
2020-12-28