WordPress · Pretty Url · CVE-2023-2009
**Name of the Vulnerable Software and Affected Versions**
Pretty Url WordPress plugin versions 1.5.4 and earlier
**Description**
The issue arises from the plugin's failure to sanitize and escape the URL field in its settings, allowing high-privilege users to perform Stored Cross-Site Scripting attacks. This vulnerability can be exploited even when the `unfiltered_html` capability is disallowed, such as in a multisite setup.
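The bug class described above, as an added illustration (not the Pretty Url plugin's own code): a settings-page URL field stored and echoed verbatim, next to the same field sanitized on save and escaped on output. The option name, settings group and function names are hypothetical placeholders.

```php
<?php
// Added illustration, not code from the Pretty Url plugin.
// Option name, settings group and function names are hypothetical.

// --- Unsafe pattern (the class of defect the advisory describes) ---
// The submitted value is stored as-is and echoed into the markup as-is,
// so an administrator-supplied value is rendered for every later viewer.
function example_unsafe_render_url_field() {
    $url = get_option( 'example_target_url', '' );
    echo '<input type="text" name="example_target_url" value="' . $url . '">';
}

// --- Hardened pattern ---
// 1. Sanitize on save: register_setting()'s sanitize_callback runs before
//    the option is written, regardless of the unfiltered_html capability.
function example_register_settings() {
    register_setting(
        'example_settings_group',
        'example_target_url',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'example_sanitize_url_option',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'example_register_settings' );

function example_sanitize_url_option( $value ) {
    // esc_url_raw() keeps only schemes listed by wp_allowed_protocols()
    // and strips characters that cannot appear in a URL; a value with a
    // disallowed scheme comes back as an empty string instead of being stored.
    return esc_url_raw( trim( (string) $value ) );
}

// 2. Escape on output: esc_url() for the attribute value, so quotes,
//    ampersands and disallowed schemes cannot break out of the attribute.
function example_safe_render_url_field() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $url = get_option( 'example_target_url', '' );
    printf(
        '<input type="text" name="%s" value="%s">',
        esc_attr( 'example_target_url' ),
        esc_url( $url )
    );
}
```

Both steps are needed: sanitizing on save protects the stored value, and escaping on output protects the page even if a value reached the database by another path.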
**Recommendations**
For versions 1.5.4 and earlier, as a temporary workaround until a patch is available, leave the URL field in the plugin settings unused or disable it, and restrict access to the plugin's settings to minimize the risk of exploitation.