CVE-2022-29447: 
WordPress vulnerability analysis and mitigation

The CVE-2022-29447 is an Authenticated Local File Inclusion (LFI) vulnerability affecting Wow-Company's Hover Effects WordPress plugin versions 2.1 and below. The vulnerability was discovered on May 16, 2022, requiring administrator or higher user role privileges for exploitation (Patchstack, AttackerKB).

The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (High), with an impact score of 5.9 and exploitability score of 1.2. The attack vector is Network-based (AV:N) with Low attack complexity (AC:L), requiring High privileges (PR:H) and No user interaction (UI:N). The scope is Unchanged (S:U) with High impact on Confidentiality, Integrity, and Availability (C:H/I:H/A:H) (AttackerKB).

If exploited, this Local File Inclusion vulnerability could allow an authenticated attacker with administrator privileges to include local files of the target website and display their contents. This could potentially lead to exposure of sensitive information, including database credentials, depending on the specific configuration (Patchstack).

The vulnerability has been patched in version 2.1.1 of the Hover Effects plugin. Users are advised to update to version 2.1.1 or later to remediate this security issue (Patchstack).