WordPress · Print-O-Matic · CVE-2021-24710
**Name of the Vulnerable Software and Affected Versions**
Print-O-Matic WordPress plugin versions prior to 2.0.3
**Description**
The issue allows high privilege users to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, due to the plugin not escaping some of its settings before outputting them in attributes.
**Recommendations**
For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue.