: Version 4.12 also addressed an issue where WordPress and Joomla password values were visible in the Property Panel of the Nicepage Editor Plugin. General Guidance for Nicepage Security
The third component is a CSRF flaw in the desktop-to-WordPress synchronization endpoint. An attacker could craft a malicious webpage that, when visited by a logged-in WordPress administrator, forces the site to accept a malicious template from the attacker’s remote Nicepage instance. This effectively overwrites existing pages with attacker-controlled HTML/JavaScript. nicepage 4.16.0 exploit