CVE-2022-4112: 
WordPress vulnerability analysis and mitigation

The Quizlord WordPress plugin through version 2.0 contains a stored Cross-Site Scripting (XSS) vulnerability that affects high-privilege users such as administrators. This vulnerability was discovered and publicly disclosed on November 19, 2022, and was assigned CVE-2022-4112. The vulnerability affects all versions of the Quizlord plugin up to and including version 2.0 (WPScan).

The vulnerability stems from improper sanitization and escaping of settings within the plugin. This security flaw allows high-privilege users to perform Stored Cross-Site Scripting attacks, even in environments where the unfiltered_html capability is disabled, such as in multisite setups. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

When exploited, this vulnerability could allow authenticated administrators to store and execute malicious JavaScript code on the website. This could potentially lead to client-side attacks against other users who access the affected pages, even in environments where additional security measures like unfiltered_html restrictions are in place (WPScan).

As of the latest reports, there is no known fix available for this vulnerability. Website administrators using the Quizlord plugin should consider either removing the plugin or implementing additional security controls to restrict access to the quiz creation functionality (WPScan).