Reader87

**Name of the Vulnerable Software and Affected Versions** The Dominion – Domain Checker for WPBakery plugin for WordPress versions up to, and including, 2.2.2 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the `dominion shortcodes domain search 6` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.2.2, update to a version that addresses the insufficient input sanitization and output escaping issue in the `dominion shortcodes domain search 6` shortcode. As a temporary workaround, consider restricting access to the `dominion shortcodes domain search 6` shortcode to minimize the risk of exploitation.