wpvulndb | Eunho Kim | WPVDB-ID: A6C2DA28-DC03-4BCC-A6C3-EE55A73861DB
History: May 27, 2024 - 12:00 a.m.

Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

Source: wpscan.com
Tags: plugin, xss, stored, cross-site scripting, update

AI Score: 5.2 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.

PoC

- Create/edit a Notification (https://example.com/wp-admin/post-new.php?post_type=easynotify)
- Put the following payload in the “Text Header”, “Main Text” or any of the “Bullet List” fields: “>
- The XSS will be triggered when saving/submitting for review, when another user edits the notification, and when previewing it (via the Preview feature offered by the plugin, not the usual post preview)

Note: the version 1.1.31 patch did not fully fix the issue, as a payload like text" onmouseover="alert(/XSS/); would work in some of the affected fields.
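The note on the 1.1.31 patch describes a payload that contains no tags and instead closes the attribute with a quote. The following added example (not the plugin's code; the field name, function names and the tags-only filter are assumptions, since the advisory does not say what the patch changed) renders that value into an input's value attribute with a tags-only filter and with attribute escaping, then parses each result to show whether an event-handler attribute appears.

```php
<?php
// Added illustration, not the plugin's code. Function and field names are hypothetical.

// Constructed input: the attribute-context payload from the advisory note (straight quotes).
$text_header = 'text" onmouseover="alert(/XSS/);';

// Assumed partial fix: remove tags only. The payload has no tags, so it passes unchanged.
function render_tags_stripped(string $value): string {
    return '<input type="text" name="text_header" value="' . strip_tags($value) . '">';
}

// Escape for the attribute context: quotes become entities, so the value cannot
// close the attribute. In WordPress, esc_attr() is the function for this context.
function render_attr_escaped(string $value): string {
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="text_header" value="' . $safe . '">';
}

// Parse the markup and list the attribute names the parser sees on <input>.
function input_attribute_names(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

$variants = [
    'tags stripped only' => render_tags_stripped($text_header),
    'attribute escaped'  => render_attr_escaped($text_header),
];
foreach ($variants as $label => $html) {
    $names = input_attribute_names($html);
    $injected = in_array('onmouseover', $names, true) ? 'yes' : 'no';
    printf("%s\n  markup: %s\n  attributes: %s\n  event handler injected: %s\n",
        $label, $html, implode(', ', $names), $injected);
}
```

The same check can be used as a regression test for each affected field: the rendered element should carry only the attributes the template wrote.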

CPE | Name | Operator | Version
 | | eq | 1.1.33
