CVE-2022-1266 – Post Grid, Slider & Carousel Ultimate < 1.5.0 - Admin+ Stored XSS

https://notcve.org/view.php?id=CVE-2022-1266

26 May 2022 — The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Post Grid, Slider & Carousel Ultimate de WordPress versiones anteriores a 1.5.0, no sanea ni escapa del Título del Encabezado, lo que podría permitir a usuarios muy privilegiados llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando... • https://wpscan.com/vulnerability/7800d583-fcfc-4360-9dc3-af3f73e12ab4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •