CVE-2022-4260

Name of the Vulnerable Software and Affected Versions WP-Ban WordPress plugin versions prior to 1.69.1

Description The issue is related to the WP-Ban WordPress plugin not sanitizing and escaping some of its settings, which could allow high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. The vulnerability may be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations For WP-Ban WordPress plugin versions prior to 1.69.1, update to version 1.69.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.