CVE-2022-2118
The CVE-2022-2118 entry concerns the WordPress 404s plugin, where versions before 3.5.1 fail to sanitize and escape fields, enabling stored XSS by high-privilege users (e.g., admin). Exploitation context is authenticated/admin access, with payloads visible via the plugin’s 404 handling. The vulne...