CVE-2022-1218

Name of the Vulnerable Software and Affected Versions Domain Replace WordPress plugin versions 1.3.8 and earlier

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a parameter before outputting it back in an attribute in an admin page. This can lead to a reflected cross-site scripting attack.

Recommendations For Domain Replace WordPress plugin versions 1.3.8 and earlier, update to a version later than 1.3.8 to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the vulnerable parameter is outputted until a patch is available.