CVE-2022-1896

Name of the Vulnerable Software and Affected Versions underConstruction WordPress plugin versions prior to 1.21

Description The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization or escaping of the Display a custom page using your own HTML setting before outputting it, even when the unfiletred html capability is disallowed.

Recommendations For versions prior to 1.21, update to version 1.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the Display a custom page using your own HTML setting to minimize the risk of exploitation.