https://www.pluginvulnerabilities.com/2018/01/16/authenticated-persistent-cross-site-scripting-xss-vulnerability-in-wp-github-tools/

Recently we were contacted by one of the users of our service, J.D. Grimes, who had found some possible vulnerabilities that involved shortcodes and a lack of escaping when passing data to the function wp_localize_script(). He was too busy to go further with them at the time and was wondering if we could take it from there in confirming them

Powered by WPeMatico