Findings
- Allows users with permission to edit settings to insert unfiltered HTML into the admin area settings, i.e. Settings > Instant Articles > Feed. Inserting '"onclick="alert(1)' into the "Number of Articles" field demonstrates this.
Reason for the 'Use with caution' result
The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:
Allows admins to insert unfiltered HTML into the settings fields
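As an added illustration of the fix this finding calls for (example code written here, not the plugin's own), the settings field below is stored through a sanitize callback that keeps only a bounded integer and is escaped on output, so attribute-breaking input like the quoted payload never reaches the page. The option name, settings group and function names are hypothetical.

```php
<?php
// Added example, not the plugin's code. Option and function names are hypothetical.
const EXAMPLE_IA_OPTION = 'example_ia_feed_article_count';

// Store only a bounded integer: quotes, tags and event handlers never reach the database.
function example_ia_sanitize_article_count( $value ) {
    $count = absint( $value ); // non-numeric input such as '"onclick="...' becomes 0
    if ( $count < 1 || $count > 100 ) {
        add_settings_error(
            EXAMPLE_IA_OPTION,
            'example_ia_range',
            'Number of Articles must be a whole number between 1 and 100.'
        );
        return get_option( EXAMPLE_IA_OPTION, 10 ); // keep the previous value on bad input
    }
    return $count;
}

function example_ia_register_settings() {
    register_setting(
        'example_ia_feed',
        EXAMPLE_IA_OPTION,
        array(
            'type'              => 'integer',
            'sanitize_callback' => 'example_ia_sanitize_article_count',
            'default'           => 10,
        )
    );
}
add_action( 'admin_init', 'example_ia_register_settings' );

// Escape on output regardless of what is stored: esc_attr() encodes a stray quote
// as &quot;, so the value cannot close the attribute and add its own onclick handler.
function example_ia_render_article_count_field() {
    $value = get_option( EXAMPLE_IA_OPTION, 10 );
    printf(
        '<input type="number" min="1" max="100" name="%1$s" value="%2$s" />',
        esc_attr( EXAMPLE_IA_OPTION ),
        esc_attr( $value )
    );
}
```

Both layers matter: the sanitize callback keeps bad data out of the option, and esc_attr() on output protects the page even if the stored value was set by some other code path.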