CVE-2022-3904
Description
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
References
ExploitThird Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics