The plugin does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack
CPE | Name | Operator | Version |
---|---|---|---|
social-tape | eq | * |