CVE-2022-1265

Name of the Vulnerable Software and Affected Versions BulletProof Security WordPress plugin versions prior to 6.1

Description The issue concerns the BulletProof Security WordPress plugin, where certain CAPTCHA settings are not properly sanitized and escaped. This could allow high-privileged users to perform Cross-Site Scripting attacks, even in scenarios where unfiltered html is disallowed.

Recommendations For versions prior to 6.1, update to version 6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the CAPTCHA settings to minimize the risk of exploitation.