Lucsob

**Name of the Vulnerable Software and Affected Versions** The Menu Icons by ThemeIsle plugin for WordPress versions up to and including 0.13.20 **Description** The software is susceptible to a Stored Cross-Site Scripting issue due to inadequate input sanitization and output escaping. This allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The vulnerable parameter is ` wp attachment image alt` post meta. **Recommendations** Update The Menu Icons by ThemeIsle plugin to a version later than 0.13.20.