CVE-2022-2426: 
WordPress vulnerability analysis and mitigation

The Thinkific Uploader WordPress plugin through version 1.0.0 contains a stored Cross-Site Scripting (XSS) vulnerability that was discovered on July 15, 2022, and publicly disclosed on July 18, 2022. The vulnerability affects the plugin's settings functionality and impacts WordPress installations using the affected version (WPScan).

The vulnerability stems from improper sanitization and escaping of plugin settings, which could allow privileged users to inject malicious scripts. The vulnerability has been assigned a CVSS score of 3.4 (low severity) and is classified under CWE-79 (Cross-Site Scripting). The technical assessment indicates that the vulnerability specifically affects the settings functionality of the plugin (WPScan).

The vulnerability allows high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks against other administrators. This could potentially lead to unauthorized access to administrator-level functionality and compromise of the WordPress installation (WPScan).

As of the last update, there is no known fix available for this vulnerability. Website administrators using the affected plugin should consider either removing the plugin or implementing additional security controls to restrict administrative access (WPScan).