CVE-2022-4295 – Show All Comments < 7.0.1 - Reflected XSS

https://notcve.org/view.php?id=CVE-2022-4295

23 Dec 2022 — The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. El complemento Show all comments de WordPress anterior a 7.0.1 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera un Cross-Site Scripting reflejado entre sitios que podría usarse contra usuarios registrados con privilegios elevad... • https://wpscan.com/vulnerability/4ced1a4d-0c1f-42ad-8473-241c68b92b56 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •