2021-11-08 17:35:12
WPScan
PUBLISHED
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Exports Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed