Launchpad.net

CVE 2016-10895

The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.

See the CVE page on Mitre.org for more details.

References