CVE-2022-27845: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2022-27845) is an Authenticated Stored Cross-Site Scripting (XSS) issue affecting PlausibleHQ Plausible Analytics WordPress plugin versions 1.2.2 and below. The vulnerability was discovered and disclosed on April 7, 2022, requiring administrator or higher user role privileges for exploitation (Patchstack).

The vulnerability stems from the plugin's failure to properly sanitize and escape some of its settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The vulnerability has been assigned a CVSS score of 4.8 (medium severity) and is classified under OWASP Top 10 category A7: Cross-Site Scripting (XSS) and CWE-79 (WPScan).

The vulnerability could allow malicious actors with administrative access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

The vulnerability has been patched in version 1.2.3 of the Plausible Analytics WordPress plugin. Users are advised to update to version 1.2.3 or later to remediate the security issue (WPScan).