CVE-2022-44625: 
WordPress vulnerability analysis and mitigation

CVE-2022-44625 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Zephilou Cyklodev WP Notify WordPress plugin versions 1.2.1 and below. The vulnerability was discovered and reported by Hoang Van Hiep on November 7, 2022, and requires administrator-level access to exploit (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires high privileges to exploit, requires user interaction, and can potentially lead to limited confidentiality and integrity impacts (NVD).

The vulnerability allows malicious actors with administrator access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts will be executed when guests visit the affected site (Patchstack).

The vulnerability has been fixed in version 1.3.0 of the Cyklodev WP Notify plugin. Users are advised to update to version 1.3.0 or later to remove the vulnerability. It's worth noting that the software might be abandoned as it hasn't been updated for over a year (Patchstack).