CVE-2022-2538

Name of the Vulnerable Software and Affected Versions WP Hide & Security Enhancer WordPress plugin versions prior to 1.8

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly escaped before being outputted back in an attribute of a backend page. This can lead to malicious scripts being executed.

Recommendations For WP Hide & Security Enhancer WordPress plugin versions prior to 1.8, update to version 1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the backend page where the vulnerable parameter is outputted to minimize the risk of exploitation.