CVE-2022-1772 Information

Description

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting which is reflected on the site’s administration panel. A malicious administrator could abuse this bug in a multisite WordPress configuration to trick super-administrators into viewing the booby-trapped payload and taking over their account.

Reference

https://wpscan.com/vulnerability/02addade-d191-4e45-b7b5-2f3f673679ab