"One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The other vulnerability allowed any logged-in user, even those with minimal permissions such as a subscriber, to export a list of all newsletter subscribers, export system configuration information, and grant themselves access to various features of the plugin." - Unauthenticated Stored Cross-Site Scripting (XSS) - Authenticated Settings Modification, Configuration Disclosure, and User Data Export
MULTI
2020-03-12 (about 3 years ago)
2020-03-12 (about 3 years ago)
2020-09-22 (about 2 years ago)