[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fS-yip2pt-eP_bCa2WpO6gDWoHUM2o9uYcjhy2P3uE0U":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-0448","cp-blocks-authenticated-stored-cross-site-scripting-via-license-id-settings","CP Blocks \u003C= 1.0.14 - Authenticated Stored Cross-Site Scripting via License ID settings","The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its \"License ID\" settings, which could allow high privilege users to inject arbitrary web scripts that execute in a victim's browser even when the unfiltered_html is disallowed.","cp-blocks",null,"\u003C1.0.15","1.0.15","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-02-02 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe8a69fa8-c2a8-4d63-8db4-823122632b3a?source=api-prod",720]