CVE-2023-4060
CVE-2023-4060 affects WP Adminify for WordPress prior to version 3.1.6. The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (such as in multisite). Red Hat’s...