DPD Baltic Shipping by DPD <= 1.2.11 - Admin+ Stored XSS
LANACOMMONVDB ID: e29bd05b-cffb-4b9d-9a44-7605aea16c73
The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).