The Pootle Button plugin prior to 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.
Vulnerable Product |
---|
pootlepress pootle button 1.1.0 |
pootlepress pootle button 1.1.1 |
pootlepress pootle button 1.0.0 |