CVE-2022-2384: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-2384 affects the Digital Publications by Supsystic WordPress plugin versions before 1.7.4. The vulnerability was discovered and publicly disclosed on July 21, 2022. It involves improper sanitization and escaping of settings in the plugin, which creates a security risk even when certain security measures are in place (WPScan Advisory).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically a stored XSS vulnerability (CWE-79). It has received a CVSS v3.1 base score of 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The technical assessment indicates that the vulnerability requires high privileges but has a low attack complexity (NVD Database).

The vulnerability allows high-privilege users such as administrators to perform cross-site scripting attacks, even when the unfiltered_html capability is disallowed. This could potentially lead to the execution of malicious scripts in users' browsers (WPScan Advisory).

The vulnerability has been fixed in version 1.7.4 of the Digital Publications by Supsystic WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan Advisory).