WordPress · Print · CVE-2022-0663
**Name of the Vulnerable Software and Affected Versions**
Print, PDF, Email by PrintFriendly WordPress plugin versions prior to 5.2.3
**Description**
The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is due to the plugin not sanitizing and escaping the Custom Button Text settings, which can be exploited even when the unfiltered html capability is disallowed.
**Recommendations**
For versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Custom Button Text settings to minimize the risk of exploitation.