The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacksCreditsMatthew RollingsWPScanReferenceshttps://wpscan.com/vulnerability/00c0b9f7-c559-463e-80ae-97d99e0ef99f/
