The Ultimate NoFollow WordPress plugin up to and including 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ultimate nofollow project ultimate nofollow |