Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through 2.6.0.CreditsPeter Thaleikis (Patchstack Alliance)Referenceshttps://patchstack.com/database/wordpress/plugin/bp-profile-shortcodes-extra/vulnerability/wordpress-bp-profile-shortcodes-extra-plugin-2-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve