The plugin does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues.
Put the following payload in the Fajr, Sunrise, Zuhr, Asr, Maghrib and/or Isha field of the Language settings of the plugin (/wp-admin/admin.php?page=dpt#tabs-2):

The XSS will be triggered in the plugin’s settings, as well as any post/page with the [monthlytable] embed.
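
The fix pattern for this class of issue, as an added example that is not the plugin's own code: sanitise the prayer-name labels when the settings are saved, and escape them again for the output context in both the settings form and the shortcode table. All `dpt_example_*` option, action, shortcode and function names are hypothetical; only the WordPress core functions are real.

```php
<?php
// Added illustration; every dpt_example_* name is hypothetical and not
// taken from the plugin's source.

const DPT_EXAMPLE_PRAYERS = array( 'fajr', 'sunrise', 'zuhr', 'asr', 'maghrib', 'isha' );

// Save handler for the Language settings tab: sanitise on input.
function dpt_example_save_labels() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden' );
    }
    check_admin_referer( 'dpt_example_save_labels' );

    foreach ( DPT_EXAMPLE_PRAYERS as $prayer ) {
        $key = 'dpt_example_label_' . $prayer;
        if ( isset( $_POST[ $key ] ) ) {
            // Strips tags, line breaks and extra whitespace before storing.
            update_option( $key, sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) );
        }
    }
}
add_action( 'admin_post_dpt_example_save_labels', 'dpt_example_save_labels' );

// Settings form field: escape for the HTML attribute context.
function dpt_example_render_field( $prayer ) {
    $key = 'dpt_example_label_' . $prayer;
    printf(
        '<input type="text" name="%s" value="%s" />',
        esc_attr( $key ),
        esc_attr( get_option( $key, ucfirst( $prayer ) ) )
    );
}

// Shortcode output: escape for the HTML text context even though the
// value was sanitised on save, so that values stored before the fix
// or written by another code path are still rendered inert.
function dpt_example_monthlytable_header() {
    $cells = '';
    foreach ( DPT_EXAMPLE_PRAYERS as $prayer ) {
        $label  = get_option( 'dpt_example_label_' . $prayer, ucfirst( $prayer ) );
        $cells .= '<th>' . esc_html( $label ) . '</th>';
    }
    return '<table><thead><tr>' . $cells . '</tr></thead></table>';
}
add_shortcode( 'dpt_example_monthlytable', 'dpt_example_monthlytable_header' );
```
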
CPE | Name | Operator | Version |
---|---|---|---|
daily-prayer-time-for-mosques | lt | 2021.08.10 |