The plugin does not sufficiently sanitize user inputs nor escape output in the admin settings, leading to a Stored Cross-Site Scripting vulnerability. This can result in the injection of arbitrary web scripts in pages that execute when a user accesses an injected page. The issue primarily affects multi-site installations and installations where unfiltered_html is disabled.
CPE | Name | Operator | Version |
---|---|---|---|
about-me-3000 | eq | * |