WordPress Smart Online Order for Clover plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via mooreceiptlink Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Smart Online Order for Clover versions = 1.5.7...