CVE-2022-1506: 
WordPress vulnerability analysis and mitigation

The WP Born Babies WordPress plugin version 1.0 and below contains a Stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-1506. The vulnerability was discovered by Wejdan Alomari and publicly disclosed on May 16, 2022. The plugin fails to properly sanitize and escape certain fields, allowing users with contributor-level access or higher to perform Cross-Site Scripting attacks (WPScan).

The vulnerability exists due to improper input validation and sanitization of various fields within the plugin. The CVSS score is rated at 6.8 (medium), and it is classified under CWE-79 (Cross-Site Scripting). The vulnerability affects multiple settings fields in the plugin, including Birth Date and Time of Birth fields (WPScan).

When successfully exploited, the vulnerability allows attackers to inject malicious JavaScript code that executes when editing, viewing, or previewing posts. This could potentially lead to unauthorized actions being performed on behalf of other users who view the affected content (WPScan).

As of the last update, there is no known fix available for this vulnerability. Users are advised to either disable the plugin or implement additional security measures to restrict access to the affected functionality (WPScan).