CVE-2022-4306 – Panda Pods Repeater Field < 1.5.4 - Reflected XSS

https://notcve.org/view.php?id=CVE-2022-4306

07 Dec 2022 — The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. The Panda Pods Repeater Field for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'podid' parameter in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... • https://wpscan.com/vulnerability/18d7f9af-7267-4723-9d6f-05b895c94dbe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •