CVE-2022-4391
The Vision Interactive For WordPress plugin (versions ≤ 1.5.3) contains a Stored XSS risk due to inadequate sanitization/escaping of some settings, allowing low-privilege users (e.g., Contributor+) to inject scripts even when unfiltered_html is disallowed. The issue is documented across multiple ...