The Browser Screenshots WordPress plugin prior to 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prothemedesign browser screenshots |