CVE-2023-5538
MpOperationLogs for WordPress is affected by an unauthenticated stored XSS via IP Request Headers in versions up to 1.0.1. Root cause: insufficient input sanitization and output escaping. Impact: injected scripts execute when users load affected pages. Public patch status: unpatched per Wordfence...