CVE-2022-0674: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-0674 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Kunze Law WordPress plugin versions below 2.1. The vulnerability was discovered and publicly disclosed on February 17, 2022. The issue specifically affects the plugin's 'E-Mail Error "From" Address' settings functionality (WPScan).

The vulnerability exists because the plugin does not properly escape its 'E-Mail Error "From" Address' settings, which allows high-privilege users such as administrators to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The vulnerability is classified as CWE-79 (Cross-Site Scripting) and has been assigned a CVSS score of 3.4 (Low severity) (WPScan).

The vulnerability allows authenticated users with high privileges to inject malicious JavaScript code into the plugin's settings. When triggered, this could potentially lead to the execution of arbitrary JavaScript code in the context of other users' browsers who access the affected areas of the WordPress admin panel (WPScan).

The vulnerability has been fixed in version 2.1 of the Kunze Law plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).