From this webpage screenshot, the following key vulnerability information can be extracted:

1. Plugin Name: Search Filter Pro < 2.5.18
2. Vulnerability Type: Admin+ Stored XSS
3. Description: The plugin does not sanitize or escape certain settings, allowing high-privileged users (such as administrators) to perform stored cross-site scripting attacks even when the unfiltered_html capability is disabled.
4. Proof of Concept:
   - Step 1: As an administrator, create a new search form.
   - Step 2: In the "Available Fields" section, select "Post Date" and drag it to the "Search Form UI" section.
   - Step 3: In the "Date Field" section, add the payload to the "From Prefix" and "To Prefix" fields.
   - Step 4: Save.
   - Step 5: Navigate to the search admin page.
   - Step 6: Hover over the "To Prefix" and "From Prefix" fields to trigger the XSS.
5. Affected Plugin: search-filter-pro
6. Fixed Version: 2.5.18
7. References:
   - CVE: Link
   - URL: Link
8. Classification:
   - Type: XSS
   - OWASP Top 10: A7: Cross-Site Scripting (XSS)
   - CWE: CWE-79
9. Additional Information:
   - Original Researcher: Felipe Caon
   - Submitter: caon
   - Submitter Website: Link
   - Verified: Yes
   - WPVDB ID: 53357868-2bcb-48eb-8abd-83186ff8d027
10. Timeline:
   - Public Release Date: 2024-07-18 (approximately 23 days ago)
   - Added Date: 2024-07-18 (approximately 23 days ago)
   - Last Updated Date: 2024-07-18 (approximately 23 days ago)
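The description names two missing steps: sanitizing the settings and escaping them on output. The sketch below is an added illustration, not Search Filter Pro's code: the function names, the `from_prefix`/`to_prefix` keys and the sample input are constructed, and the attribute context is an assumption based on the hover trigger in the proof of concept. It shows that sanitizing on save does not remove quotes, so escaping at render time is what keeps the stored value inside the attribute.

```php
<?php
// Added illustration; hypothetical names, not the plugin's own code.

// Stand-ins so the file runs outside WordPress; inside WordPress the core
// functions of the same names are used instead.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($text) {
        // Simplified: strips tags and collapses whitespace; quotes are kept.
        return trim(preg_replace('/\s+/', ' ', strip_tags((string) $text)));
    }
}

// Before: the stored setting is concatenated into an attribute as-is.
function render_prefix_field_unescaped(array $settings) {
    return '<input type="text" name="from_prefix" value="'
        . $settings['from_prefix'] . '">';
}

// After, part 1: sanitize when the settings are saved.
function save_prefix_settings(array $posted) {
    return array(
        'from_prefix' => sanitize_text_field($posted['from_prefix'] ?? ''),
        'to_prefix'   => sanitize_text_field($posted['to_prefix'] ?? ''),
    );
}

// After, part 2: escape for the attribute context when rendering.
function render_prefix_field_escaped(array $settings) {
    return '<input type="text" name="from_prefix" value="'
        . esc_attr($settings['from_prefix']) . '">';
}

// Constructed input: a quote that closes the attribute, followed by a
// harmless marker attribute.
$posted = array('from_prefix' => 'From: " data-injected="1', 'to_prefix' => 'To:');

// The marker becomes a separate attribute of the <input> element.
echo render_prefix_field_unescaped($posted), "\n";

// The quote is emitted as &quot; and the whole value stays inside value="...".
echo render_prefix_field_escaped(save_prefix_settings($posted)), "\n";
```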