zeroanarchy

The issue appears to be related to a significant security issue identified with this plugin which allows cross site scripting when the plugin is activated. It is recommended that you either address the issue or decommission the plugin.

WordPress Extra Product Options for WooCommerce plugin <= 3.0.8 – Cross Site Scripting (XSS) vulnerability. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/extra-product-options-for-woocommerce/extra-product-options-for-woocommerce-303-authenticated-shop-manager-stored-cross-site-scripting-via-plugin-settings

You were right Stafano. After some work I discovered that the new version of Cpanel comes with a new addition ‘WP Toolkit’. Within it exists a security measures section with default measures already selected, these include:

Block access to potentially sensitive files

Forbid execution of PHP scripts in the wp-content/uploads directory

Forbid execution of PHP scripts in the wp-includes directory

Hope that helps someone in the future. Thanks for your time Stefano.

interesting. Only Elementor installed.

url for the setting page is https://website.com/wp-admin/options-general.php?page=header-footer%2Fadmin%2Foptions.php

okay after 1 further test I have narrowed the error down to the less than (<) and greater than (>) symbol. If excluded it will save.

Just ran a few tests. If I exclude <script> tags and make it purely text it saves. If I add