The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | social-stickers | eq | * |
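
The two missing controls named in the description, a CSRF check on the settings update and escaping of the stored fields, look like this in a WordPress settings handler. This is an added example, not the plugin's own code: every `example_stickers_*` function, the option key, the action name and the field names are hypothetical.

```php
<?php
// Hypothetical names throughout: the example_stickers_* functions, option key,
// action name and field names are constructed, not taken from the plugin.

// Render the settings form: embed a nonce and escape stored values on output.
function example_stickers_render_form() {
    $opts = get_option( 'example_stickers_networks', array() );
    $name = isset( $opts['name'] ) ? $opts['name'] : '';
    $url  = isset( $opts['url'] ) ? $opts['url'] : '';
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_stickers_save">
        <?php wp_nonce_field( 'example_stickers_save', 'example_stickers_nonce' ); ?>
        <input type="text" name="network_name" value="<?php echo esc_attr( $name ); ?>">
        <input type="url" name="network_url" value="<?php echo esc_url( $url ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler: capability check, then nonce check, then sanitize before storing.
function example_stickers_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request if the nonce is missing or invalid, so a forged
    // cross-site POST sent from an admin's browser is rejected.
    check_admin_referer( 'example_stickers_save', 'example_stickers_nonce' );

    $name = isset( $_POST['network_name'] )
        ? sanitize_text_field( wp_unslash( $_POST['network_name'] ) ) : '';
    $url  = isset( $_POST['network_url'] )
        ? esc_url_raw( wp_unslash( $_POST['network_url'] ) ) : '';

    update_option( 'example_stickers_networks', array( 'name' => $name, 'url' => $url ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-stickers' ) );
    exit;
}
add_action( 'admin_post_example_stickers_save', 'example_stickers_save' );
```

Sanitizing on save and escaping on output are both kept: the nonce blocks the forged update, and the output escaping still protects pages that render values stored before the fix.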