The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacksCreditsapple502jReferenceshttps://wpscan.com/vulnerability/b83880f7-8614-4409-9305-d059b5df15dd
