The plugin does not properly sanitize or escape the Extra CSS class parameter, allowing high-privileged users, such as an administrator, to inject arbitrary web scripts into pages, even when the unfiltered_html capability is disabled (e.g. in multisite setups).
CPE

Name | Operator | Version |
---|---|---|
codelights-shortcodes-and-widgets | eq | * |
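
The class of fix the description calls for, as an added example that is not the plugin's own code: the class value is sanitized on input with an allow-list and escaped again at output. The function names, the `example-widget` base class and the sample inputs are hypothetical; in WordPress itself the equivalent calls are `sanitize_html_class()` and `esc_attr()`.

```php
<?php
// Added example with hypothetical names; not taken from the plugin.

/**
 * Reduce a user-supplied "extra CSS class" string to safe class tokens.
 * Follows the allow-list approach of WordPress's sanitize_html_class():
 * drop percent-encoded octets, then keep only A-Z, a-z, 0-9, "_" and "-".
 */
function example_sanitize_class_list(string $raw): string
{
    $safe = [];
    foreach (preg_split('/\s+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY) as $token) {
        $token = preg_replace('/%[a-fA-F0-9]{2}/', '', $token);
        $token = preg_replace('/[^A-Za-z0-9_-]/', '', $token);
        if ($token !== '') {
            $safe[] = $token;
        }
    }
    return implode(' ', array_unique($safe));
}

/**
 * Render a wrapper element. The attribute is escaped at output even though
 * the value was sanitized, so a missed input path cannot break out of it.
 * $innerHtml is assumed to be markup that was already made safe elsewhere.
 */
function example_render_wrapper(string $extraClass, string $innerHtml): string
{
    $classes = trim('example-widget ' . example_sanitize_class_list($extraClass));
    // In WordPress, esc_attr() is the usual call at this point.
    $attr = htmlspecialchars($classes, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="' . $attr . '">' . $innerHtml . '</div>';
}

// Constructed inputs: an ordinary value, and one that tries to close the
// class attribute and add an event handler.
$samples = [
    'highlight  big-title',
    'x" onmouseover="alert(1)',
];
foreach ($samples as $value) {
    echo example_render_wrapper($value, 'content'), PHP_EOL;
}
```

Because the check does not depend on the unfiltered_html capability, it behaves the same for administrators on single-site and multisite installs.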