CVE-2022-4837
CVE-2022-4837 affects the CPO Companion WordPress plugin prior to 1.1.0. The vulnerability arises from insufficient validation/escaping of certain shortcode attributes, enabling Stored XSS with user roles as low as Contributor that could target admins or other high-privilege users. Exploit exampl...