Description The plugin does not adequately sanitize input or escape output on user-supplied attributes, leading to the possibility of Stored Cross-Site Scripting via shortcodes. This issue arises when authenticated users with contributor-level or higher permissions inject arbitrary web scripts into pages, which will then execute whenever a user accesses an injected page.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 3.6.8 |