CVE-2022-2983: 
WordPress vulnerability analysis and mitigation

The Salat Times WordPress plugin before version 3.2.2 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and publicly disclosed on November 2, 2022. The issue affects the plugin's settings functionality, where input fields are not properly sanitized and escaped (WPScan Advisory).

The vulnerability stems from improper sanitization and escaping of settings in the plugin, which allows high-privilege users such as administrators to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

When exploited, the vulnerability allows attackers with administrative access to store malicious JavaScript code in the plugin's settings. This code is then executed when other users access the settings page or when the [dailysalattimes] shortcode is embedded in pages (WPScan Advisory).

The vulnerability has been fixed in version 3.2.2 of the Salat Times plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan Advisory).