Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25018.json"