The Sitewide Notice WP WordPress plugin prior to 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yoohooplugins sitewide notice |