
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1542