CVE-2022-1456: 
WordPress vulnerability analysis and mitigation

The Poll Maker WordPress plugin before version 4.0.2 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability exists because the plugin does not properly sanitize and escape some settings, particularly in the Mailchimp integration settings, which could allow high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed (WPScan).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically affecting the Mailchimp integration settings located at /wp-admin/admin.php?page=poll-maker-ays-settings&ayspolltab=tab2. The vulnerability has been assigned CWE-79 (Cross-Site Scripting) and received a CVSS score of 3.4 (low severity). The issue stems from improper sanitization and escaping of input fields in the plugin's settings (WPScan).

The vulnerability allows high-privilege users such as administrators to store and execute malicious JavaScript code on the affected WordPress installation. This could potentially lead to unauthorized actions being performed in the context of other users who view the affected pages (WPScan).

The vulnerability has been fixed in Poll Maker version 4.0.2. Users are advised to update to this version or later to mitigate the security risk (WPScan).