CVE-2022-3906
CVE-2022-3906 concerns the WordPress plugin Easy Form Builder prior to version 3.4.0 . The root cause is incomplete sanitisation/escaping of some settings, enabling stored XSS by high-privilege users (e.g., admins), even when the unfiltered_html capability is disallowed (such as in multisite envi...