The plugin does not have CSRF in place when updating its settings, and is lacking sanitisation as well as escaping in them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
CPE | Name | Operator | Version |
---|---|---|---|
footer-text | eq | * |