Sola Support Ticket <= 3.12 - XSS & Configuration Change
Any logged in user with any role and access to wp-admin in any way can update plugin settings including allowing HTML to be parsed. One can also change any notification messages to include JS which then can be used to obtain information by forgery.
|Proof of Concept||
fixed in version 3.13
|Publicly Published||2016-01-28 (over 3 years ago)|
|Added||2016-02-14 (over 3 years ago)|
|Last Updated||2016-02-14 (over 3 years ago)|