The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98.pdf
Mika
Mika
Yes
2022-02-09 (about 4 months ago)
2022-02-09 (about 4 months ago)
2022-04-08 (about 3 months ago)