CVE-2016-10867
All-in-One WP Security and Firewall WordPress plugin (pre-4.0.6) contains a cross-site scripting (XSS) vulnerability in settings pages. The issue is documented across sources (e.g., PT-2019-7663, CVE listings, and WPVulnDB) as XSS in the plugin’s settings UI. Impact is limited to user interaction...