
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1542
241 hits since 2022-06-01
PHP Vulns Source Ratio: 15% (9286 total, 675 propagated, 4643 filtered)