PT-2022-14211 · WordPress · Kitestudio Wordpress Plugin

Cydave · Published 2022-07-11 · Updated 2022-07-15 · CVE-2022-1951

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

kitestudio WordPress plugin versions prior to 2.3.1

Description

The core plugin of the kitestudio WordPress plugin fails to properly sanitise and escape certain parameters before outputting them in the response to an AJAX action. This AJAX action is accessible to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting issue.

Recommendations

Update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or disabling the premium theme from the vendor until the update can be applied.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-1951

Affected Products

Kitestudio Wordpress Plugin