CVE-2022-43463: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2022-43463) is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Custom Product Tabs for WooCommerce WordPress plugin versions 1.7.9 and below. The vulnerability was discovered on October 30, 2022, and affects administrators and high-privilege users, particularly in multisite setups where unfiltered_html capability is disallowed (Patchstack, WPScan).

The vulnerability stems from improper sanitization and escaping of certain plugin settings. It has been assigned a CVSS v3.1 Base Score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability allows high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks, particularly in multisite setups where the unfiltered_html capability is disabled. This could potentially lead to the injection of malicious scripts, including redirects, advertisements, and other HTML payloads that would execute when visitors access the site (Patchstack).

The vulnerability has been patched in version 1.8.0 of the Custom Product Tabs for WooCommerce plugin. Users are advised to update to version 1.8.0 or later to remediate the vulnerability (WPScan).