CVE-2022-1717: 
WordPress vulnerability analysis and mitigation

The Custom Share Buttons with Floating Sidebar WordPress plugin versions below 4.2 contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-1717. The vulnerability was discovered and publicly disclosed on May 26, 2022. The issue affects the plugin's settings functionality, particularly impacting administrators when the unfiltered_html capability is disallowed (WPScan).

The vulnerability stems from improper sanitization and escaping of plugin settings. This security flaw is specifically present in the Floating Sidebar settings, where social sharing options can be configured. The vulnerability has been assigned a CVSS score of 3.4 (Low), and is classified as CWE-79: Cross-Site Scripting (WPScan).

When exploited, this vulnerability allows high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks. The impact is particularly significant when the unfiltered_html capability is disallowed. The XSS payload can be triggered both in the plugin's settings page and in the frontend when the Sidebar and related Social Share buttons are active (WPScan).

The vulnerability has been fixed in version 4.2 of the Custom Share Buttons with Floating Sidebar plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).