CVE-2022-4307

Name of the Vulnerable Software and Affected Versions پلاگین پرداخت دلخواه WordPress plugin versions prior to 2.9.3

Description The issue allows unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege user, such as an admin, visits a page from the plugin. This occurs because the plugin does not properly sanitise and escape some parameters.

Recommendations For پلاگین پرداخت دلخواه WordPress plugin versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's pages for high privilege users until the update is applied.