The plugin does not sanitise its Taxonomy description field, allowing high-privilege users to set a JavaScript payload in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
Add or edit a Taxonomy (/wp-admin/admin.php?page=st_taxonomiesthe) with the following description: ">

Then view the Taxonomies table to trigger the XSS.
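The two controls whose absence produces this class of issue are filtering the description at save time when the user lacks unfiltered_html, and escaping it when the table is rendered. The following is an added example, not the plugin's code or its actual fix. It is plain PHP so it runs from the CLI; the function names, the row markup and the sample value are assumptions, and the comments name the WordPress functions that play each role.

```php
<?php
// Added illustration: all demo_* names and the row markup are hypothetical.

// Save-time filter: only users allowed unfiltered HTML keep raw markup.
function demo_sanitize_description(string $raw, bool $canUnfilteredHtml): string
{
    if ($canUnfilteredHtml) {
        // In WordPress this decision is current_user_can('unfiltered_html').
        return $raw;
    }
    // WordPress equivalents: sanitize_textarea_field() or wp_kses_post().
    return trim(strip_tags($raw));
}

// Output-time escaping: encode for the HTML context whatever was stored.
function demo_escape(string $value): string
{
    // WordPress equivalents: esc_html() for text nodes, esc_attr() for attributes.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unescaped output of a stored value: the general pattern behind stored XSS.
function demo_render_row_unsafe(array $tax): string
{
    return '<tr><td title="' . $tax['description'] . '">'
        . $tax['description'] . '</td></tr>';
}

// Same row with every dynamic value escaped at the point of output.
function demo_render_row_safe(array $tax): string
{
    $d = demo_escape($tax['description']);
    return '<tr><td title="' . $d . '">' . $d . '</td></tr>';
}

// Constructed sample: harmless markup that would break out of an attribute.
$submitted = '"><b>marker</b>';

// A user without unfiltered_html: markup is stripped before storage.
$stored = demo_sanitize_description($submitted, false);

echo 'stored: ', $stored, PHP_EOL;
echo 'unsafe: ', demo_render_row_unsafe(['description' => $submitted]), PHP_EOL;
echo 'safe:   ', demo_render_row_safe(['description' => $submitted]), PHP_EOL;
echo 'both:   ', demo_render_row_safe(['description' => $stored]), PHP_EOL;
```

Escaping at output is the control that still holds for values stored before a save-time filter was introduced.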
CPE

| Name | Operator | Version |
|---|---|---|
| simple-tags | lt | 3.0.7.2 |