CVE-2022-4307 Information

Description

The ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters allowing unauthenticated attackers to send a request with XSS payloads which will be triggered when a high privilege users such as admin visits a page from the plugin.

Reference

https://wpscan.com/vulnerability/4000ba69-d73f-4c5b-a299-82898304cebb