The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in...
📋 Description
The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes (notably border, width, height, header_background, header_text_color, and id) within the gntt_title_ticker_slide(), gntt_title_ticker_fade(), and gntt_title_ticker_typing() functions. None of these attribute values are passed through esc_attr() or any other escaping function before being concatenated into HTML output. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
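The fix pattern for this class of bug, as an added example that is not the plugin's code: a shortcode handler that allow-lists each of the attributes named above and passes every value through esc_attr() at output. The demo_ticker_* names, the default values and the accepted formats are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code; all demo_ticker_* names are hypothetical.
// Stand-in so the file also runs under the php CLI, outside WordPress.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Return $value only if it matches the allow-list pattern, else the default.
function demo_ticker_allow( $pattern, $value, $default ) {
    return preg_match( $pattern, (string) $value ) === 1 ? (string) $value : $default;
}

function demo_ticker_shortcode( $atts ) {
    $defaults = array(
        'id'                => 'ticker',
        'width'             => '100%',
        'height'            => '40px',
        'border'            => '1px solid #cccccc',
        'header_background' => '#333333',
        'header_text_color' => '#ffffff',
    );
    $hex   = '#(?:[0-9a-fA-F]{3}){1,2}';
    $len   = '\d{1,4}(?:px|%|em|rem)';
    $rules = array(
        'id'                => '/^[A-Za-z][A-Za-z0-9_-]{0,63}$/D',
        'width'             => '/^' . $len . '$/D',
        'height'            => '/^' . $len . '$/D',
        'border'            => '/^\d{1,2}px (?:solid|dashed|dotted) ' . $hex . '$/D',
        'header_background' => '/^' . $hex . '$/D',
        'header_text_color' => '/^' . $hex . '$/D',
    );
    // Keep only known attributes (shortcode_atts() does this inside WordPress).
    $atts = array_merge( $defaults, array_intersect_key( (array) $atts, $defaults ) );
    $safe = array();
    foreach ( $rules as $key => $pattern ) {
        $safe[ $key ] = demo_ticker_allow( $pattern, $atts[ $key ], $defaults[ $key ] );
    }
    $box  = "width:{$safe['width']};height:{$safe['height']};border:{$safe['border']}";
    $head = "background:{$safe['header_background']};color:{$safe['header_text_color']}";
    // Escape at the point of output as well: validation limits what the CSS can
    // contain, esc_attr() guarantees the value cannot leave the attribute.
    return '<div id="' . esc_attr( $safe['id'] ) . '" style="' . esc_attr( $box ) . '">'
        . '<div class="ticker-header" style="' . esc_attr( $head ) . '"></div></div>';
}
if ( function_exists( 'add_shortcode' ) ) {
    add_shortcode( 'demo_ticker', 'demo_ticker_shortcode' );
}
```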
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2026-8701
- https://plugins.trac.wordpress.org/browser/gntt-post-title-ticker/trunk/gntt-post-title-ticker.php#L29
- https://plugins.trac.wordpress.org/browser/gntt-post-title-ticker/trunk/gntt-post-title-ticker.php#L56
- https://www.wordfence.com/threat-intel/vulnerabilities/id/37f8eced-905c-4623-b382-055561fd25a0?source=cve
- https://github.com/advisories/GHSA-qmwf-2v6g-8m26