The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators.
Put the following payload in any of the settings: "><svg/onload=alert(/XSS/)>
Raad Haddad of Cloudyrion GmbH
Raad Haddad of Cloudyrion GmbH
Yes
2022-07-18 (about 6 months ago)
2022-07-18 (about 6 months ago)
2022-08-22 (about 5 months ago)