CVE-2022-2148
CVE-2022-2148 affects the WordPress plugin LinkedIn Company Updates (versions up to 1.5.3). The vulnerability is a stored XSS caused by insufficient sanitisation/escaping of plugin settings, enabling high-privilege users (e.g., admin) to inject scripts even when unfiltered_html is disallowed. Exp...