In the eCommerce module of the NextGEN Gallery Pro WordPress plugin prior to 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|