CVE-2022-2423
The CVE-2022-2423 entry concerns the DW Promobar WordPress plugin (versions up to 1.0.4). Affected component: plugin settings handling that does not sanitize/escape certain settings, enabling Stored XSS. Root cause: improper sanitization/escaping when unfiltered_html is disallowed (e.g., multisit...