Description The plugin does not properly sanitize user-supplied input nor escape output for the ‘social-links’ shortcode. This leads to a Stored Cross-Site Scripting vulnerability, where an authenticated user with contributor-level permissions can inject arbitrary web scripts that execute whenever a page is accessed.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 2.5.1 |