Unsanitized Description in Inspiro PRO WordPress Plugin Allows JavaScript Injection

CVE-2022-2391 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.
