CVE-2022-0380

Name of the Vulnerable Software and Affected Versions Fotobook WordPress plugin versions up to and including 3.2.3

Description The issue is related to Reflected Cross-Site Scripting due to insufficient escaping and the use of $ SERVER['PHP SELF'] found in the ~/options-fotobook.php file. This allows attackers to inject arbitrary web scripts onto the page.

Recommendations For versions up to and including 3.2.3, update to a version higher than 3.2.3 to resolve the issue. As a temporary workaround, consider restricting access to the ~/options-fotobook.php file to minimize the risk of exploitation.