The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
toggle-the-title project toggle-the-title |