The plugin does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Put the following payload in the Welcome message (st_content parameter) of the plugin: </script><img src onerror=alert(/XSS/)> to trigger the XSS in any frontend page </textarea><img src onerror=alert(/XSS/)> to trigger the XSS in the plugin's settings https://github.com/liaojia-99/my-creat-cve/blob/main/1.md
Yes
2021-07-31 (about 9 months ago)
2021-08-19 (about 9 months ago)
2022-03-07 (about 2 months ago)