CVE-2022-4392

Name of the Vulnerable Software and Affected Versions iPanorama 360 WordPress Virtual Tour Builder plugin versions 1.6.29 and earlier

Description The issue allows users, such as those with contributor+ permissions, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escaped, making the attack viable even when the unfiltered html capability is disallowed.

Recommendations For iPanorama 360 WordPress Virtual Tour Builder plugin versions 1.6.29 and earlier, update to a version later than 1.6.29 to resolve the issue. As a temporary workaround, consider restricting contributor+ permissions to minimize the risk of exploitation.