CVE-2020-36854

Name of the Vulnerable Software and Affected Versions Async JavaScript plugin for WordPress versions prior to 2.19.07.14

Description The software is susceptible to Stored Cross-Site Scripting due to missing authorization checks on the aj steps AJAX action and insufficient sanitization of settings saved through a function. This allows authenticated attackers with subscriber-level permissions or higher to inject malicious web scripts into a page. These scripts will execute whenever a user accesses the affected page.

Recommendations Update to a version later than 2.19.07.14.