The Hotjar Connecticator WordPress plugin, in versions up to and including 1.1.1, is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. The request includes a CSRF nonce that the server verifies properly, and the vulnerability can only be exploited by administrator users.
Vulnerable Product |
---|
bluemedicinelabs hotjar connecticator |