2021-05-24 10:58:04
WPScan
PUBLISHED
The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the hotjar script textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users.