CVE-2022-4570

Name of the Vulnerable Software and Affected Versions The Top 10 WordPress plugin versions prior to 3.2.3

Description The issue concerns the lack of validation and escaping of certain Block attributes, which could lead to Stored Cross-Site Scripting attacks. Users with a role as low as contributor can exploit this, potentially targeting high-privilege users such as admins.

Recommendations For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable Block attributes to minimize the risk of exploitation.