CVE-2022-0193: 
WordPress vulnerability analysis and mitigation

The Complianz WordPress plugin (versions before 6.0.0) contains a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-0193. The vulnerability was discovered by Krzysztof Zając and publicly disclosed on January 17, 2022. This security issue affects the GDPR/CCPA Cookie Consent functionality in WordPress installations using the vulnerable plugin versions (WPScan).

The vulnerability stems from improper input validation where the plugin fails to escape the 's' parameter before outputting it back in an attribute within an admin page. The vulnerability has been assigned a CVSS v3 Base Score of 6.1 (Medium), with an Impact Score of 2.7 and Exploitability Score of 2.8. The attack vector is network-based, requires low attack complexity, needs no privileges, but does require user interaction (AttackerKB).

When successfully exploited, this vulnerability could allow attackers to execute arbitrary web scripts in the context of the affected admin page. This could potentially lead to unauthorized access to sensitive information, manipulation of admin interface elements, or other malicious actions within the scope of the affected user's browser session (NVD).

The vulnerability has been patched in version 6.0.0 of the Complianz WordPress plugin. Site administrators are strongly advised to update to this version or later to mitigate the risk (WPScan).