WordPress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS)

Technical Description:
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions 
up to, and including 2.88.0. This is due to the fact that all fields in the “Naming Conventions” section do 
not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, 
with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user 
accesses the injected page.

Source: https://www.exploit-db.com/exploits/51020

Posted in Exploit, Vulnerability.