The "Schedule Name" input in the plugin general options did not properly sanitize input, allowing a user to inject javascript code using the <script> HTML tags and cause a stored XSS issue
Go to Weekly Schedule -> General Options (/wp-admin/admin.php?page=weekly-schedule) -> Schedule Name -> Fill the field with a payload such as <script>alert(`xss`)</script>
Viktor Markopoulos
Viktor Markopoulos
Yes
2021-05-12 (about 1 years ago)
2021-05-12 (about 1 years ago)
2021-05-13 (about 1 years ago)