CVE-2022-0737
CVE-2022-0737 affects the WordPress Text Hover plugin in versions before 4.2. The plugin does not sanitize or escape the text to hover, which allows users with elevated privileges to perform stored Cross-Site Scripting even when the unfiltered_html capability is disallowed. Affected software: WordPress ...