The plugin did not properly sanitise its settings, allowing high-privilege users to use XSS payloads in them (even when the unfiltered_html capability is disabled).
Use a payload such as a"><img src onerror=alert(/XSS/)> in the plugin settings (for example, the Powered by Text input)
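The following is an added example, not the plugin's code: it renders a setting into an input's value attribute with and without output escaping, and with and without save-time cleanup, then reports whether the value stayed inside the attribute. The function names and the `powered_by_text` field name are hypothetical; `htmlspecialchars()` and `strip_tags()` stand in for WordPress's `esc_attr()` and `sanitize_text_field()` so the file runs without WordPress.

```php
<?php
// Added illustration: hypothetical function and field names, not the plugin's code.

// Vulnerable pattern: stored setting concatenated into an attribute as-is.
function render_vulnerable(string $stored): string {
    return '<input type="text" name="powered_by_text" value="' . $stored . '">';
}

// Hardened output: encode for the attribute context at render time.
// WordPress provides esc_attr() for this; htmlspecialchars() stands in here.
function render_hardened(string $stored): string {
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="powered_by_text" value="' . $safe . '">';
}

// Save-time cleanup for a plain-text setting. WordPress provides
// sanitize_text_field() for this; strip_tags() stands in here.
function sanitize_on_save(string $submitted): string {
    return trim(strip_tags($submitted));
}

// Names of the elements that the rendered markup opens. Anything besides
// the single <input> means the value escaped its attribute.
function opened_elements(string $html): array {
    preg_match_all('/<([a-z][a-z0-9]*)\b/i', $html, $m);
    return array_map('strtolower', $m[1]);
}

function value_is_contained(string $html): bool {
    // Exactly one element, and no angle bracket before the tag's closing one.
    return opened_elements($html) === ['input']
        && preg_match('/^<input [^<>]*>$/', $html) === 1;
}

// The payload quoted in the advisory, used as the constructed test value.
$payload = 'a"><img src onerror=alert(/XSS/)>';

$cases = [
    'raw value, unescaped output'       => render_vulnerable($payload),
    'sanitised on save, unescaped'      => render_vulnerable(sanitize_on_save($payload)),
    'raw value, escaped output'         => render_hardened($payload),
    'sanitised on save, escaped output' => render_hardened(sanitize_on_save($payload)),
];
foreach ($cases as $label => $html) {
    printf("%-36s %-9s %s\n", $label, value_is_contained($html) ? 'contained' : 'BREAKOUT', $html);
}
```

Stripping tags at save time removes the injected element but leaves the quote and angle bracket that close the attribute, so the value is only reliably contained when it is escaped for the attribute context at output.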
James Calver, Bulletproof Cyber
Yes
2021-04-01 (about 2 years ago)
2021-04-02 (about 2 years ago)
2022-03-07 (about 1 year ago)