The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedCreditsMuhamad HidayatReferenceshttps://wpscan.com/vulnerability/27ad58ba-b648-41d9-8074-16e4feeaee69
