CVE-2022-0684
CVE-2022-0684 affects the WordPress plugin “WP Home Page Menu” pre-3.1. The vulnerability stems from insufficient sanitisation/escaping of the plugin’s settings, enabling stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. The impact i...