Unsanitized Description in Inspiro PRO WordPress Plugin Allows JavaScript Injection
CVE-2022-2391 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.
Learn more about our Wordpress Pen Testing.