Microtango

**Name of the Vulnerable Software and Affected Versions** Microtango plugin for WordPress versions prior to 0.9.29 **Description** The Microtango plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the `restkey` parameter of the `mt reservation` shortcode. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update the Microtango plugin to a version later than 0.9.29.