WordPress · Flexi · CVE-2022-0449
**Name of the Vulnerable Software and Affected Versions**
Flexi WordPress plugin versions prior to 4.20
**Description**
Flexi is affected by a reflected cross-site scripting (XSS) vulnerability. The plugin does not properly sanitise and escape various parameters before outputting them back in certain pages, such as the user dashboard.
**Recommendations**
For versions prior to 4.20, update to version 4.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the user dashboard to minimize the risk of exploitation. Avoid using vulnerable parameters in affected pages until the issue is resolved.
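To check an installation against the fixed release, the sketch below reads the `Version:` field from a WordPress plugin header and compares it with 4.20 component by component. It is an added example, not code from the advisory or from the plugin; the function names are hypothetical and the sample header is constructed.

```python
import re

FIXED = (4, 20)  # first fixed release named in this advisory

# Constructed sample of a plugin main-file header (not copied from Flexi).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Flexi
 * Version: 4.19
 */
"""

def header_version(header_text):
    """Return the value of the 'Version:' header field, or None if absent."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", header_text,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def parse_version(text):
    """Turn the leading dotted number into integers: '4.20' -> (4, 20)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(version):
    """True if version is prior to 4.20.

    Components are compared as integers, so 4.9 counts as older than 4.20
    (a float comparison would read 4.20 as 4.2 and get this wrong).
    Shorter tuples are zero-padded so that 4.20.0 equals 4.20.
    """
    v = parse_version(version)
    width = max(len(v), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) < pad(FIXED)

def audit(header_text):
    """True if the header describes an affected version, None if unknown."""
    version = header_version(header_text)
    return None if version is None else is_affected(version)

if __name__ == "__main__":
    print("affected:", audit(SAMPLE_HEADER))
```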