CVE-2022-1469: 
WordPress vulnerability analysis and mitigation

The FiboSearch WordPress plugin before version 1.17.0 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-1469. The vulnerability was discovered and reported by Dipak Panchal, and it affects the plugin's settings functionality. The issue was publicly disclosed on May 16, 2022, and has been fixed in version 1.17.0 of the plugin (WPScan).

The vulnerability stems from improper sanitization and escaping of certain plugin settings. This security flaw specifically affects high-privilege users such as administrators when the unfiltered_html capability is disallowed. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The issue is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

When exploited, this vulnerability allows high-privilege users to perform Stored Cross-Site Scripting attacks. The impact is particularly relevant in scenarios where the unfiltered_html capability is disabled, potentially leading to the execution of malicious JavaScript code in the context of other users' browsers (WPScan).

The recommended mitigation is to upgrade the FiboSearch WordPress plugin to version 1.17.0 or later, which contains the security fix for this vulnerability (WPScan).