Posts Tagged ‘wordpress’

WordPress FancyProductDesigner 3.4.2 Stored XSS

WordPress FancyProductDesigner plugin versions prior to 3.4.2 suffer from a persistent cross site scripting vulnerability due to improper sanitization, allowing malicious .svg file uploads. Source: WordPress FancyProductDesigner 3.4.2 Stored XSS