CVE-2022-4410

Name of the Vulnerable Software and Affected Versions Permalink Manager Lite plugin for WordPress versions up to, and including 2.2.20.3

Description The issue arises from improper output escaping on post/page/media titles, allowing Stored Cross-Site Scripting attacks. This enables attackers to inject arbitrary web scripts on the permalink-manager page, provided another plugin or theme is installed that grants lower privileged users the ability to modify post/page titles with malicious web scripts.

Recommendations For Permalink Manager Lite plugin for WordPress versions up to, and including 2.2.20.3, update to a version higher than 2.2.20.3 to resolve the issue. As a temporary workaround, consider restricting the ability for lower privileged users to modify post/page titles or disabling the unfiltered html capability for these users until a patch is available.