CVE-2022-0321
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the postid parameter before outputting it back in the response via the wpvcsocialshareicons AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...