Product
The LifePress plugin for WordPress is vulnerable to stored cross-site scripting (XSS) due to insufficient input sanitization and output escaping within the `lp_update_mds` AJAX action, allowing unauthenticated attackers to inject arbitrary web scripts via the 'n' parameter that execute when a user accesses the injected page; this affects versions up to and including 2.2.2.