CVE-2022-0728: 
WordPress vulnerability analysis and mitigation

The Easy Smooth Scroll Links WordPress plugin before version 2.23.1 contains a Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-0728. The vulnerability was discovered and disclosed on March 21, 2022. The plugin fails to properly sanitize and escape its settings, which affects WordPress installations using the Easy Smooth Scroll Links plugin versions 2.23.0 and below (WPScan, Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 4.8 (Medium). The security flaw allows high-privilege users such as administrators to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD, Patchstack).

The vulnerability could allow malicious actors to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site. This poses a risk to website visitors who may be exposed to malicious content (Patchstack).

Users are advised to update to version 2.23.1 or later of the Easy Smooth Scroll Links plugin to address this vulnerability. This security issue has been fixed in version 2.23.1 (Patchstack).