CVE-2022-2412 – Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2022-2412

18 Jul 2022 — The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) El plugin Better Tag Cloud de WordPress versiones hasta 0.99.5, no sanea y escapa de algunos de sus ajustes, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-... • https://wpscan.com/vulnerability/fc384cea-ae44-473c-8aa9-a84a2821bdc6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •