Description The plugin does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
As a contributor, put the below code in a post when in Code Editor Mode:
The XS will be triggered when any user will (pre)view the post
CPE | Name | Operator | Version |
---|---|---|---|
eq | 1.9.1 |