The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
Put the following payload in the "Advanced Blocking" tab > "Block HTTP Referer's" section > "Add Referer" field: "><img src=x onerror=alert(/XSS/)>
Niraj Mahajan
Niraj Mahajan
Yes
2022-06-06 (about 1 years ago)
2022-06-06 (about 1 years ago)
2023-03-08 (about 6 months ago)