The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.CreditsYoru OniReferenceshttps://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f
