The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1456