The WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wp[heading_text] parameter. User input is not properly sanitized, which allows the insertion of arbitrary code; an attacker can use this to steal cookie-based authentication credentials and launch other attacks.
View the template here: CVE-2022-3506.yaml
References:
https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828