CVE-2022-2710: 
WordPress vulnerability analysis and mitigation

The Scroll To Top WordPress plugin before version 1.4.1 contains a stored Cross-Site Scripting (XSS) vulnerability. The plugin fails to properly escape some of its settings, which could allow high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, such as in multisite setups (WPScan).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically of the stored variety, and is tracked as CVE-2022-2710. It has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability is categorized under CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

When exploited, this vulnerability allows high-privilege users to inject malicious JavaScript code into the plugin settings. The injected code will be executed when other users access these settings, potentially leading to unauthorized actions being performed in the context of the victim's browser session (WPScan).

Users should update their Scroll To Top WordPress plugin to version 1.4.1 or later, which contains the fix for this vulnerability (WPScan).