CVE-2022-2215

Name of the Vulnerable Software and Affected Versions GiveWP WordPress plugin versions prior to 2.21.3

Description The issue concerns the improper sanitization and escaping of currency settings, potentially allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. This is particularly relevant in setups where the unfiltered html capability is disallowed, such as in multisite configurations.

Recommendations For versions prior to 2.21.3, update to version 2.21.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to modify currency settings to only trusted administrators and ensuring that all users with high privileges are aware of the potential for Stored Cross-Site Scripting attacks.