Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CPE | Name | Operator | Version |
---|---|---|---|
eq | 3.1.6 |