CVE-2022-1582: 
WordPress vulnerability analysis and mitigation

The External Links in New Window / New Tab WordPress plugin before version 1.43 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-1582. The vulnerability was discovered and publicly disclosed on May 9, 2022. The issue affects the WordPress plugin 'open-external-links-in-a-new-window' and stems from improper URL escaping in onclick event handlers (WPScan).

The vulnerability occurs because the plugin fails to properly escape URLs that are concatenated to onclick event handlers. This security flaw has been assigned a CVSS v3 base score of 6.1 (Medium), with an impact score of 2.7 and exploitability score of 2.8. The attack vector is network-based, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability has been classified as CWE-79: Cross-Site Scripting (AttackerKB).

If exploited, this vulnerability allows attackers to perform Stored Cross-Site Scripting attacks. The impact is rated as 'Low' for both confidentiality and integrity aspects, with no direct impact on availability. The scope is considered 'Changed', meaning the vulnerable component impacts resources beyond its security scope (AttackerKB).

The vulnerability has been patched in version 1.43 of the External Links in New Window / New Tab WordPress plugin. Site administrators are advised to update to this version or later to mitigate the risk (WPScan).