CVE-2022-0209: 
WordPress vulnerability analysis and mitigation

CVE-2022-0209 affects the Mitsol Social Post Feed WordPress plugin versions before 1.11. The vulnerability was discovered and publicly disclosed on January 12, 2022. This security issue impacts the plugin's handling of settings output in attributes, specifically affecting the Facebook Wall and Social Integration functionality (WPScan).

The vulnerability stems from improper escaping of settings before they are output back in attributes. This security flaw exists even when the unfiltered_html capability is disallowed. The vulnerability has been classified as a Cross-Site Scripting (XSS) issue, specifically falling under CWE-79, with a CVSS score of 3.4 (Low). The issue can be exploited through the Access Token settings, including both User access token and Page access token fields (WPScan).

The vulnerability allows high-privilege users such as administrators to perform cross-site scripting attacks. This could potentially lead to the execution of malicious JavaScript code in the context of other users' browsers who access the affected admin pages (WPScan).

The vulnerability has been fixed in version 1.11 of the Mitsol Social Post Feed plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).