CVE-2019-19133
The CVE covers a reflected XSS in the WordPress CSS Hero plugin up to version 4.0.3, caused by insufficient sanitization of user input in the URI when csshero_action=edit_page is used. An authenticated attacker could trigger arbitrary JavaScript in the victim’s browser on the affected site, poten...