The plugin does not properly sanitise the slider name when creating or editing a slider, leading to an Authenticated (editor+) Stored Cross-Site Scripting issue which will be triggered in the Slider table (/wp-admin/admin.php?page=master-slider). Edit (WPScanTeam): - The original report was from 2018, however the issue was never remediated. - Multiple attempts were made to contact the vendor, but no response was received
The PoC will be displayed once the issue has been remediated