The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.
CPE | Name | Operator | Version |
---|---|---|---|
page_restriction | lt | 1.2.7 |