CVE-2022-40215: 
NixOS vulnerability analysis and mitigation

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered in the WordPress Tabs plugin versions 3.7.1 and below. The vulnerability was assigned CVE-2022-40215 and was publicly disclosed on September 22, 2022. The affected software is the 'Tabs - Responsive Tabs with WooCommerce Product Tab Extension' WordPress plugin (WPScan, CVE Mitre).

The vulnerability stems from the plugin's failure to properly sanitize and escape certain parameters, which could potentially be exploited by users with high privileges to perform Cross-Site Scripting attacks. The vulnerability has been assigned a CVSS score of 3.4 (low severity) and is classified under CWE-79. The security issue falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS) (WPScan).

The vulnerability allows authenticated users with high privileges to inject and execute malicious scripts in the context of other users' browsers who access the affected pages. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected users (WPScan).

The vulnerability has been patched in version 3.7.2 of the Tabs plugin. Users are advised to update to this version or later to mitigate the security risk. As of March 7, 2024, the plugin has been closed and is no longer available for download due to security issues (WordPress Plugin, WPScan).