Product
The Prismatic plugin for WordPress versions 3.7.3 and earlier is vulnerable to stored cross-site scripting (XSS) via the 'prismatic_encoded' pseudo-shortcode, allowing unauthenticated attackers to inject arbitrary web scripts into pages.