Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
CVE-2022-1990
4.8MEDIUM
What is CVE-2022-1990?
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed
Affected Version(s)
Nested Pages 3.1.21