CVE-2022-1913: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-1913 affects the WordPress plugin Add Post URL versions 2.1.0 and below. This security flaw was discovered and reported by Daniel Ruf, and was publicly disclosed on June 1, 2022. The vulnerability combines Cross-Site Request Forgery (CSRF) with Stored Cross-Site Scripting (XSS) in the plugin's settings update functionality (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms in the plugin's settings update functionality, combined with inadequate sanitization and escaping of input. The vulnerability has been assigned a CVSS score of 6.1 (medium) and is classified under CWE-352. When exploited, the vulnerability allows for arbitrary settings updates that can lead to stored XSS, which gets triggered in all posts (WPScan).

When successfully exploited, this vulnerability allows attackers to manipulate plugin settings through CSRF attacks targeting logged-in administrators. The compromised settings can then lead to stored Cross-Site Scripting attacks that affect all posts on the website, potentially impacting site visitors and administrators (WPScan).

As of the last update, there is no known fix available for this vulnerability. Users of the Add Post URL plugin should consider either removing the plugin or implementing additional security measures to protect against CSRF attacks (WPScan).