CVE-2022-0209
The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping on the application id parameters. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.
Date published : 2022-06-13
https://github.com/BigTiger2020/2022/blob/main/Mitsol%20Social%20Post%20Feed%20Xss.md