CVE-2022-4295 Information

Description

The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.

Reference

https://wpscan.com/vulnerability/4ced1a4d-0c1f-42ad-8473-241c68b92b56