Description The plugin doesn’t prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post’s header or footer code.
- As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to the “Advanced” tab, and then the " Header, Body and Footer" section - Enter `` in the Header, Body and Footer code text areas, and save. - Preview the resulting post should make the alert prompts go off.