CVE-2022-3609
The CVE-2022-3609 issue affects the GetYourGuide Ticketing WordPress plugin, version prior to 1.0.4. The plugin does not sanitise/escape certain parameters, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite setups). The risk ...