2022-03-14 14:41:44
WPScan
PUBLISHED
The Kunze Law WordPress plugin before 2.1 does not escape its E-Mail Error "From" Address settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed