CVE-2022-0376

Name of the Vulnerable Software and Affected Versions User Meta WordPress plugin versions prior to 2.4.3

Description The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the Form Name and Shared Field Labels in the admin dashboard when editing a form. This could be exploited even when unfiltered html is disallowed.

Recommendations For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard for high privilege users until the update is applied.