CVE-2022-0663: 
WordPress vulnerability analysis and mitigation

CVE-2022-0663 affects the Print, PDF, Email by PrintFriendly WordPress plugin versions before 5.2.3. The vulnerability was discovered and publicly disclosed on May 30, 2022. The issue exists in the plugin's Custom Button Text settings functionality, which fails to properly sanitize and escape input, affecting WordPress installations with this plugin (WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has been assigned a CVSS v3.1 Base Score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability specifically occurs when the Custom Button Text settings are not properly sanitized and escaped, allowing for XSS attacks even when the unfiltered_html capability is disallowed (NVD).

The vulnerability allows high-privilege users such as administrators to perform cross-site scripting attacks. When exploited, the XSS payload can be triggered both when accessing the plugin's settings page and on all frontend pages of the affected WordPress installation (WPScan).

The vulnerability has been patched in version 5.2.3 of the Print, PDF, Email by PrintFriendly plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).