The Scroll Baner WordPress plugin up to and including 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow malicious users to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
scroll banner project scroll banner |