CVE-2022-4654

Name of the Vulnerable Software and Affected Versions The Pricing Tables WordPress Plugin versions prior to 3.2.3

Description The issue is related to a Stored Cross-Site Scripting attack. It occurs because the plugin does not validate and escape one of its shortcode attributes. This could allow users with a role as low as contributor to perform the attack.

Recommendations For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attribute to minimize the risk of exploitation.