CVE-2022-2305
CVE-2022-2305 affects WordPress Popup plugin versions up to 1.9.3.8. The vulnerability is a stored XSS caused by insufficient sanitisation/escaping of certain settings, exploitable by high-privilege users (e.g., admins) when unfiltered_html is disallowed (notably in multisite setups). Connected s...