Smart Slider
Monthly
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.