CVE-2022-1093: 
WordPress vulnerability analysis and mitigation

CVE-2022-1093 affects the WP Meta SEO WordPress plugin versions before 4.4.7. The vulnerability was discovered and publicly published on May 2, 2022. The issue lies in the plugin's handling of breadcrumb separators, where the plugin fails to properly sanitize or escape the separator before outputting it to the page (WPScan).

This vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS v3.1 base score is 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability allows high-privilege users such as administrators to inject arbitrary JavaScript into the page, even when unfiltered HTML is disallowed (NVD).

The vulnerability allows administrators to inject arbitrary JavaScript code into pages where the breadcrumb feature is enabled. This could potentially lead to client-side attacks affecting users viewing the compromised pages (WPScan).

The vulnerability has been fixed in WP Meta SEO version 4.4.7. Users are advised to update to this version or later to mitigate the security risk (WPScan).