The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
Put the following payload in Settings > We're Open > Separators & Text > Closed Text:

"><svg/onload=alert(/XSSTEST/)>

Save the settings. The XSS will be triggered on pages/posts where the Closed Text is displayed, for example when [open] is embedded and there is at least one closed day.
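The class of fix for a setting like this one, as an added example that is not the plugin's own code: sanitise the value when it is saved, and escape it for its context wherever it is printed. The option name, settings group, function names and shortcode tag are hypothetical; the WordPress functions called are real core APIs.

```php
<?php
// Added example: hypothetical plugin code, not the affected plugin's source.
// 'example_closed_text', 'example_hours_group' and 'example_open' are assumed names.

// Small allow-list of inline markup; script-capable tags and event attributes are dropped.
function example_closed_text_allowed_html() {
    return array( 'strong' => array(), 'em' => array(), 'br' => array() );
}

// 1. Sanitise on save. This runs for every user, so it does not depend on
//    whether the saving account holds the unfiltered_html capability.
function example_sanitize_closed_text( $value ) {
    return is_string( $value ) ? wp_kses( $value, example_closed_text_allowed_html() ) : '';
}

add_action( 'admin_init', function () {
    register_setting(
        'example_hours_group',
        'example_closed_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'example_sanitize_closed_text',
            'default'           => 'Closed',
        )
    );
} );

// 2. Escape for the attribute context when the stored value is echoed back
//    into the settings form, so a leading "> cannot close the value attribute.
function example_render_closed_text_field() {
    printf(
        '<input type="text" name="example_closed_text" value="%s" class="regular-text">',
        esc_attr( get_option( 'example_closed_text', 'Closed' ) )
    );
}

// 3. Escape again at output time on the front end. Values stored before the
//    sanitiser existed are still in the database and must not be trusted.
add_shortcode( 'example_open', function () {
    $text = get_option( 'example_closed_text', 'Closed' );
    return '<span class="example-closed">'
        . wp_kses( $text, example_closed_text_allowed_html() )
        . '</span>';
} );
```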
Asif Nawaz Minhas
Yes
2022-09-20 (about 8 months ago)