Description

The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 5.5.2 |
patchstack.com/database/vulnerability/printfriendly/wordpress-print-pdf-email-by-printfriendly-plugin-5-5-1-cross-site-scripting-xss-vulnerability
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/printfriendly/print-pdf-email-by-printfriendly-551-authenticated-administrator-stored-cross-site-scripting-via-settings