CVE-2021-36844 – WordPress WP Subscribe plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2021-36844

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado y Autenticado (admin+) en el plugin MyThemeShop WP Subscribe versiones anteriores a 1.2.12 incluyéndola, en WordPress WP Subscribe versions up to 1.2.12 is vulnerable to Cross-Site Scripting. This allows authenticated attackers to inject JavaScript into the database. • https://patchstack.com/database/vulnerability/wp-subscribe/wordpress-wp-subscribe-plugin-1-2-12-authenticated-stored-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/wp-subscribe/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •