Traffic Manager by SedLex <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting (XSS)
REPORT ID: 1664739f-6222-4d8f-8348-981e94196c7e
The plugin contains a Missing Authorization vulnerability due to a missing capability check in an AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to access functionality. The plugin also contains a Cross-Site Scripting (XSS) vulnerability, due to the plugin does not sanitize and escape some parameters, which makes it possible to inject arbitrary web scripts.
You need to log in to view the vulnerability details.