CVE-2022-1512: 
WordPress vulnerability analysis and mitigation

The ScrollReveal.js Effects WordPress plugin through version 1.2 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-1512. The vulnerability was discovered by Mariam Tariq and publicly disclosed on April 25, 2022. The issue affects the plugin's settings functionality where input validation is inadequate (WPScan, CVE Mitre).

The vulnerability stems from the plugin's failure to properly sanitize and escape its settings, enabling potential Cross-Site Scripting attacks even when the unfiltered_html capability is disabled. The issue has been assigned a CVSS score of 3.4 (low severity) and is classified under CWE-79 (Cross-Site Scripting). The vulnerability can be exploited through the plugin's settings interface, such as the Opacity field (WPScan).

When exploited, this vulnerability allows high-privilege users to perform Cross-Site Scripting attacks on the WordPress installation. This could potentially lead to the execution of malicious JavaScript code in users' browsers who access the affected pages (WPScan).

As of the vulnerability disclosure, there is no known fix available for this issue in the ScrollReveal.js Effects plugin. Users are advised to consider alternative plugins or implement additional security controls to mitigate the risk (WPScan).