Cross-site scripting (XSS) vulnerability in the post highlights plugin prior to 2.6.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
post highlights projects post highlights |