CVE List


Moderate 4.8

The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Published August 1, 2022.

Affected software

Get alerts for Flexi Quote Rotator Project Flexi Quote Rotator

Reference links