CVE-2022-1062: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-1062 affects the th23 Social WordPress plugin through version 1.2.0. The vulnerability was discovered by Ankur Bakre and was publicly disclosed on April 19, 2022. This security issue involves improper sanitization and escaping of plugin settings, potentially enabling cross-site scripting (XSS) attacks (WPScan Advisory).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 Base Score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The technical issue stems from the plugin's failure to properly sanitize and escape certain settings, particularly in the plugin's settings page at /wp-admin/options-general.php?page=th23-social (NVD, WPScan Advisory).

The vulnerability allows high-privilege users such as administrators to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. This could potentially lead to the execution of malicious scripts in users' browsers, affecting the confidentiality and integrity of the web application (WPScan Advisory).

As of the latest available information, there is no known fix for this vulnerability in the th23 Social plugin. Users should consider implementing additional security measures or evaluating alternative plugins until a security patch is released (WPScan Advisory).