Description
This script is possibly vulnerable to client side template injection attacks.
Client side template injection is a vulnerability similar to cross site scripting that allows an attacker to send malicious code (usually in the form of JavaScript) to another user.
The injected code is executed by the client side templating and allows the attacker to take control of the victim's browser.
Remediation
Apply context-dependent encoding and/or validation to user input rendered on a page
References
Related Vulnerabilities
WordPress Plugin Prismatic Multiple Cross-Site Scripting Vulnerabilities (2.7)
WordPress Plugin Portfolio-WordPress Portfolio Cross-Site Scripting (2.8.10)
WordPress Plugin Social Buttons Pack by BestWebSoft Cross-Site Scripting (1.1.0)
WordPress Plugin Instagram Feed Cross-Site Scripting (1.5.1)
WordPress Plugin Greenshift-animation and page builder blocks Cross-Site Scripting (4.9.9)