CVE-2022-0150
The WordPress WP Accessibility Helper (WAH) plugin, versions prior to 0.6.0.7, contains a Reflected Cross-Site Scripting (XSS) vulnerability triggered by the wahi parameter. The issue arises because the plugin does not sanitize/escape the base64-decoded wahi output before rendering it on the page...