The User Avatar WordPress plugin prior to 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpexperts user avatar-reloaded |