CVE-2022-0429: 
WordPress vulnerability analysis and mitigation

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before version 8.9.6 contains an unauthenticated stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-0429. The vulnerability was discovered by Krzysztof Zając and publicly disclosed on February 14, 2022. This security issue affects the WP Cerber plugin, a popular WordPress security solution (WPScan).

The vulnerability stems from improper sanitization of the $url variable in the Activity tab of the plugin's dashboard. The CVSS score for this vulnerability is 7.3 (High), and it is classified as CWE-79: Cross-Site Scripting. The vulnerability can be exploited through the Activity tab in the plugin's dashboard, where unsanitized URL parameters can be manipulated to execute malicious JavaScript code (WPScan).

When successfully exploited, this vulnerability allows attackers to store and execute malicious JavaScript code that executes when administrators view the Activity tab in the plugin's dashboard. This can lead to potential theft of sensitive information, session hijacking, or other malicious actions performed in the context of the administrator's session (WPScan).

The vulnerability has been patched in version 8.9.6 of the WP Cerber Security plugin. Website administrators are strongly advised to update to this version or later to protect against this security issue (WPScan).