CVE-2022-0147: 
WordPress vulnerability analysis and mitigation

The Cookie Information | Free GDPR Consent Solution WordPress plugin before version 2.0.8 contains a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on January 7, 2022, and publicly disclosed on February 21, 2022. This security issue affects the WordPress plugin's admin dashboard functionality (NVD, WPScan).

The vulnerability stems from improper neutralization of input during web page generation (CWE-79). Specifically, the plugin fails to escape user data before outputting it back in attributes within the admin dashboard. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with required user interaction (NVD).

The vulnerability allows attackers to execute cross-site scripting attacks through the admin dashboard. When successfully exploited, it could lead to the compromise of confidential information and potential manipulation of the affected admin interface (WPScan).

The vulnerability has been fixed in version 2.0.8 of the Cookie Information WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).