CVE-2022-3096
CVE-2022-3096 concerns the WP Total Hacks WordPress plugin (versions up to 4.7.2). The affected component is the plugin settings handling, where low-privilege users can modify settings due to insufficient sanitisation/escaping, enabling Stored XSS against other users (e.g., admins). The vulnerabi...