Report
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.
Score:5.4
Severity:Medium
Version: 5.5.1
There is a patch available in v5.5.2 and we strongly recommend you update to this version as soon as possible.
