CVE-2022-1542: 
WordPress vulnerability analysis and mitigation

The HPB Dashboard WordPress plugin through version 1.3.1 contains a Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-1542. The vulnerability was discovered in May 2022 and affects the plugin's settings functionality. The issue allows high-privilege users such as administrators to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (WPScan, NVD).

The vulnerability stems from improper sanitization and escaping of certain plugin settings. It has been assigned a CVSS v3.1 base score of 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

When exploited, this vulnerability could allow authenticated users with high privileges to execute cross-site scripting attacks against other users, potentially leading to client-side code execution in the context of the affected WordPress site (WPScan).

Users should upgrade to a version newer than 1.3.1 of the HPB Dashboard plugin to address this vulnerability. No specific workarounds have been documented for users who cannot upgrade immediately (NVD).