CVE-2016-15041

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwpsetuppurchaseusername’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping...