The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Note: First you need to add a FAQ. [wpb_af_faqs theme='" onmouseover="alert(1)"']
Lana Codes
Lana Codes
Yes
2023-02-22 (about 2 months ago)
2023-02-22 (about 2 months ago)
2023-02-22 (about 2 months ago)