TreePress – Easy Family Trees & Ancestor Profiles < 3.0.0 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, which could allow users with the Admin role to perform Cross-Site Scripting attacks.