CVE-2022-2398
Description
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CWE
- CWE-79 — CWE-79 Cross-Site Scripting (XSS)
Affected
- Unknown / WordPress Comments Fields — v=4.1 <4.1 [affected]
CVSS
- (none)
References
Source
cvelistV5-main/cves/2022/2xxx/CVE-2022-2398.json