CVE-2022-1904

Name of the Vulnerable Software and Affected Versions Pricing Tables WordPress Plugin version prior to 3.2.1

Description The issue concerns a Reflected Cross-Site Scripting problem. It occurs when a specific setting is enabled, allowing an attacker to inject malicious code through a parameter that is not properly sanitized and escaped before being outputted on a page accessible to all users, regardless of their authentication status.

Recommendations For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider disabling the specific setting that enables this vulnerability until a patch is applied. Avoid using the vulnerable parameter in the affected page until the issue is resolved.