CVE-2021-25049

The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Date published : 2022-01-24

https://plugins.trac.wordpress.org/changeset/2647987

https://wpscan.com/vulnerability/227cbf50-59da-4f4c-85da-1959a108ae7e