CVE-2022-0626: 
WordPress vulnerability analysis and mitigation

The Advanced Admin Search WordPress plugin (before version 1.1.6) contains a Reflected Cross-Site Scripting vulnerability, identified as CVE-2022-0626. The vulnerability was discovered and reported on February 16, 2022, and affects the plugin's admin page functionality. This security issue stems from the plugin's failure to properly sanitize and escape certain parameters before outputting them back in the admin interface (WPScan, NVD).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received a CVSS v3.1 base score of 6.1 (Medium), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability affects multiple parameters in the admin interface, including 'keyword', 'user', 'metaKey', and 'metaValue' (WPScan).

The vulnerability allows attackers to execute cross-site scripting attacks through the admin interface. When successfully exploited, it could lead to the execution of malicious scripts in the context of the admin user's browser session, potentially compromising the security of the WordPress installation (NVD).

The vulnerability has been patched in version 1.1.6 of the Advanced Admin Search WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).