From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Plugin Name: Viral Signup <= 2.1 - Admin+ Stored XSS 2. Description: The plugin does not sanitize or escape certain settings, allowing high-privileged users (such as administrators) to execute stored cross-site scripting attacks when the ability to unfiltered HTML is not disabled. 3. PoC (Proof of Concept): Triggering the vulnerability by running JavaScript code in the browser console. 4. Affected Plugin: viral-signup 5. CVE ID: CVE-2024-6927 6. Classification: - Type: XSS - OWASP Top 10: A7: Cross-Site Scripting (XSS) - CWE ID: CWE-79 7. Original Researcher: Bob Matyas 8. Submitter: Bob Matyas 9. Submitter Website: https://www.bobmatyas.com 10. Submitter Twitter: bobmatyas 11. Verification Status: Yes 12. WPVDB ID: 05024ff5-4c7a-4941-8dae-c1a8d2d4e202 13. Publication Date: 2024-08-07 14. Added Date: 2024-08-07 15. Last Updated Date: 2024-08-07 16. Others: - Related Vulnerabilities List: - Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting - MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS - Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting - WP Category Post List Widget <= 2.0.3 - Contributor+ Stored XSS - WP File Download Light <= 1.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting This information provides a detailed description of the vulnerability, its scope of impact, verification status, and a list of related vulnerabilities.