CVE-2022-1569 Information

Description

The Drag & Drop Builder Human Face Detector Pre-built Templates Spam Protection User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Reference

https://wpscan.com/vulnerability/5a2756c1-9abf-4fd6-8ce2-9f840514dfcc