PT-2022-20738 · WordPress · Wordfence Security – Firewall & Malware Scan
Ori Gabriel · Published 2022-09-23 · Updated 2024-01-11
CVE-2022-3144
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Wordfence Security – Firewall & Malware Scan plugin for WordPress versions up to and including 7.6.0
Description
The issue allows authenticated users with administrative privileges to inject malicious web scripts into a setting on the options page due to insufficient escaping on the stored value. This makes it possible for the malicious scripts to execute whenever a user accesses a page displaying the affected setting on sites running a vulnerable version.
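The defect class described above, as an added illustration (this is not Wordfence's code and the option name `example_plugin_label`, the function names and the settings group are hypothetical): a plugin option is stored from an admin form and later echoed into an HTML attribute on the options page. The vulnerable renderer trusts the stored value; the hardened renderer escapes at output with WordPress's `esc_attr()` and additionally sanitizes at save time through the Settings API.

```php
<?php
// Added example, not the plugin's own code. Option name and functions are hypothetical.

// Vulnerable pattern: the stored value is concatenated straight into an attribute.
// Any stored value containing a double quote closes the attribute, so whatever
// follows it is parsed as markup by every browser that loads this page.
function example_render_label_field_vulnerable() {
    $label = get_option( 'example_plugin_label', '' );
    echo '<input type="text" name="example_plugin_label" value="' . $label . '">';
}

// Hardened pattern: escape at the point of output. esc_attr() encodes quotes,
// angle brackets and ampersands, so the value can only ever be attribute text.
function example_render_label_field_safe() {
    $label = get_option( 'example_plugin_label', '' );
    echo '<input type="text" name="example_plugin_label" value="' . esc_attr( $label ) . '">';
}

// Defense in depth: sanitize before storage as well. sanitize_text_field()
// strips tags and control characters from the submitted value.
function example_sanitize_label( $value ) {
    return sanitize_text_field( $value );
}

// Registering the option with a sanitize_callback makes WordPress run the
// sanitizer on every save through the Settings API, independent of the form.
add_action( 'admin_init', function () {
    register_setting(
        'example_plugin_options',
        'example_plugin_label',
        array( 'sanitize_callback' => 'example_sanitize_label' )
    );
} );
```

The escaping on output is the actual fix for this class of issue: sanitizing on input is a useful second layer, but a value can reach the database through other paths (imports, direct option updates, older plugin versions), so the renderer must never assume the stored value is safe for the context it is printed into.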
Recommendations
For versions up to and including 7.6.0, update to a version later than 7.6.0 to resolve the issue.
As a temporary workaround, consider restricting access to the options page to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Wordfence Security – Firewall & Malware Scan