WordPress · 404S Wordpress Plugin · CVE-2022-2118
**Name of the Vulnerable Software and Affected Versions**
The 404s WordPress plugin versions prior to 3.5.1
**Description**
The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks due to the lack of sanitization and escaping of fields, even when the unfiltered html capability is disallowed.
**Recommendations**
For versions prior to 3.5.1, update to version 3.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's fields by high privilege users until a patch is applied.