CVE-2022-1933 Information

Description

The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting vulnerability.

Reference

https://wpscan.com/vulnerability/6cedb27f-6140-4cba-836f-63de98e521bf
