CVE-2022-0680: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-0680 affects the Plezi WordPress plugin versions before 1.0.3. It was discovered by Brandon James Roldan and publicly disclosed on March 7, 2022. The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue that affects the plugin's REST endpoint (WPScan).

The vulnerability exists in a REST endpoint that allows unauthenticated users to update the plzconfigurationtracker_enable option. The updated value is then displayed in the admin panel without proper sanitization and escaping, leading to a Stored Cross-Site Scripting vulnerability. The vulnerability has been assigned a CVSS score of 8.8 (High) and is classified under CWE-79 (WPScan).

This vulnerability allows unauthenticated attackers to store malicious JavaScript code that executes when administrators view the affected admin panel. This could potentially lead to unauthorized actions being performed with administrator privileges and compromise of sensitive information (WPScan).

The vulnerability has been fixed in version 1.0.3 of the Plezi WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).