CVE-2022-4208: 
WordPress vulnerability analysis and mitigation

CVE-2022-4208 is a security vulnerability in the WordPress plugin Chained Quiz version 1.3.2 and earlier, discovered and disclosed on December 2, 2022. The vulnerability stems from insufficient input sanitization and output escaping, which allows unauthenticated attackers to perform malicious actions (NVD). The vulnerability has been assigned a CVSS score of 6.1 (Medium) (Wordfence).

The vulnerability exists due to improper sanitization of user input where sanitizetextfield is used instead of esc_attr in multiple endpoints. The affected files include chained-quiz/controllers/completed.php and chained-quiz/views/completed.html.php. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (Wordfence).

When exploited, the vulnerability allows attackers to inject arbitrary web content and potentially execute cross-site scripting (XSS) attacks. When a logged-in administrator visits a specially crafted URL, the XSS payload can trigger, potentially leading to the creation of unauthorized administrator accounts (Wordfence).

Website administrators running the affected versions of the Chained Quiz plugin should update to the latest version that contains the security fixes. If immediate updating is not possible, it is recommended to disable the plugin until it can be updated (NVD).