In situations where a WordPress site with the VK All in One Expansion Unit plugin (available on WordPress.org) is activated and managed by multiple users with administrator privileges, there exists a risk of stored XSS attacks. A malicious administrator could go to the admin settings page, navigate to “ExUnit” → “Ad Alert” → “Custom Alert … Continue reading Regarding vulnerabilities in VK All in One Expansion Unit version 9.100.0 and earlier.