WordPress · Keap Official Opt-In Forms · CVE-2023-6941
**Name of the Vulnerable Software and Affected Versions**
Keap Official Opt-in Forms WordPress plugin versions 1.0.11 and earlier
**Description**
The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some of its settings. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup.
**Recommendations**
For versions 1.0.11 and earlier, update to a version that addresses the sanitisation and escaping of settings to prevent Stored Cross-Site Scripting attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.