CVE-2022-2328
Summary of CVE-2022-2328: The Flexi Quote Rotator WordPress plugin (versions ≤ 0.9.4) does not sanitise or escape its settings, allowing high-privilege users (e.g., admins) to perform stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Multiple sources confirm the vulnerability as an a...