WordPress · Wp-Splashing-Images · CVE-2018-6194
**Name of the Vulnerable Software and Affected Versions**
wp-splashing-images versions prior to 2.1.1
**Description**
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `search` parameter to "wp-admin/upload.php".
**Recommendations**
For versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue.