The plugin did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.
Marc Montpas
Marc Montpas (Jetpack Scan)
Yes
2021-10-29 (about 1 years ago)
2021-10-29 (about 1 years ago)
2022-04-08 (about 10 months ago)