XSS exists in the shortcode functionality of the GistPress plugin prior to 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gistpress project gistpress |