The Admin Columns WordPress plugin, Free and Pro versions, rendered input on the posted pages with improper input validation on the value passed into the field `Label` parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it.
Daniel Elkabes of WhiteSource
2021-05-31 (about 7 months ago)
2021-06-07 (about 7 months ago)
2021-08-10 (about 5 months ago)