CVE-2022-0628

Name of the Vulnerable Software and Affected Versions Mega Menu WordPress plugin versions prior to 3.0.8

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the wpnonce parameter is not properly sanitized and escaped before being outputted back in an admin page. This can lead to malicious script execution.

Recommendations For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to admin pages to minimize the risk of exploitation. Avoid using the wpnonce parameter in affected admin pages until the issue is resolved.