The plugin does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Put the following payload in the "Text size of answer (in pixels)" settings: </style><script>alert('XSS');</script>
The XSS will be triggered in the footer of all frontend pages José Aguilera
José Aguilera
Yes
2021-11-23 (about 1 years ago)
2022-02-15 (about 1 years ago)
2022-04-08 (about 1 years ago)