CVE-2022-0209 Information

Description

The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.10 due to insufficient input sanitization and output escaping on the application id parameters. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.

Reference

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0209 https://github.com/BigTiger2020/2022/blob/main/Mitsol%20Social%20Post%20Feed%20Xss.md