Tree Page View Plugin < 1.6.7 - Cross-Site Scripting

The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the posttype parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute...