CVE-2022-4393: 
WordPress vulnerability analysis and mitigation

The ImageLinks Interactive Image Builder for WordPress plugin through version 1.5.3 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on December 16, 2022, and affects the plugin's settings functionality. Users with contributor-level permissions or higher can exploit this vulnerability even when the unfiltered_html capability is disabled (WPScan Advisory).

The vulnerability stems from improper sanitization and escaping of plugin settings. It has been assigned CVE-2022-4393 and is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability has a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

When exploited, this vulnerability allows authenticated users with contributor-level access or higher to perform stored Cross-Site Scripting attacks. This can lead to the execution of arbitrary JavaScript code in users' browsers when viewing affected posts (WPScan Advisory).

The vulnerability has been fixed in version 1.5.4 of the ImageLinks Interactive Image Builder plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan Advisory).