The plugin did not sanitise the _drts_form_build_id parameter in a POST request to /wp-admin/admin.php?page=drts/directories, allowing for HTML or JavaScript injection.
2020-12-12 (about 1 years ago)
2020-12-12 (about 1 years ago)
2020-12-15 (about 1 years ago)