CVE-2022-2391: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-2391 was identified in the Inspiro PRO WordPress plugin, discovered and reported by Fortune Sam Okon. The vulnerability was publicly disclosed on July 18, 2022, and affects versions of Inspiro Premium prior to 7.2.3. This security flaw involves improper sanitization of the portfolio slider description, which creates a stored Cross-Site Scripting (XSS) vulnerability (WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).

The vulnerability allows users with privileges as low as Contributor to inject malicious JavaScript code into the portfolio slider description. When administrators, editors, or other users view the affected portfolio item, the injected script is executed in their browser context, potentially leading to unauthorized actions or data theft (WPScan).

The vulnerability has been patched in Inspiro Premium version 7.2.3. Users are advised to update their installations to this version or later to mitigate the risk (WPScan).