CVE-2022-3831: 
NixOS vulnerability analysis and mitigation

The reCAPTCHA WordPress plugin through version 1.6 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-3831. The vulnerability was discovered and publicly disclosed on November 3, 2022. The issue affects the login-form-recaptcha plugin and stems from improper sanitization and escaping of certain plugin settings (WPScan).

The vulnerability exists due to the plugin's failure to properly sanitize and escape some of its settings. This security flaw allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even in environments where the unfiltered_html capability is disabled, such as in multisite setups. The vulnerability has been assigned a CVSS score of 3.4 (low severity) and is classified under CWE-79 (WPScan).

When exploited, this vulnerability allows high-privilege users to inject and store malicious JavaScript code in the plugin's settings. The stored XSS payload can then be triggered when other users access the affected pages, potentially leading to unauthorized actions being performed in the context of the victim's browser session (WPScan).

As of the vulnerability disclosure, there is no known fix available for this security issue in the reCAPTCHA WordPress plugin (WPScan).