CVE-2022-1906

Name of the Vulnerable Software and Affected Versions Copyright Proof WordPress plugin versions 4.16 and earlier

Description The issue concerns a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being output via an AJAX action. This action is accessible to both unauthenticated and authenticated users, and the issue arises when a specific setting is enabled.

Recommendations For Copyright Proof WordPress plugin versions 4.16 and earlier, update to a version later than 4.16 to resolve the issue. As a temporary workaround, consider disabling the AJAX action until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation.