CVE-2022-44738: 
WordPress vulnerability analysis and mitigation

CVE-2022-44738 is a CSV Injection vulnerability affecting the WordPress Posts and Users Stats plugin versions up to 1.1.3. The vulnerability was discovered by Mika and reported on November 7, 2022, with public disclosure on February 2, 2023. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) (NVD, Patchstack).

The vulnerability is classified as CWE-1236 (Improper Neutralization of Formula Elements in a CSV File). The issue allows for CSV Injection attacks against the Posts and Users Stats WordPress plugin. The vulnerability requires subscriber-level privileges or higher to exploit (Patchstack).

This vulnerability could allow a malicious actor to craft malicious formulas that could potentially exploit vulnerabilities in spreadsheet software or execute commands to gain access to the victim's PC when the CSV file is opened (Patchstack).

The vulnerability has been fixed in version 1.1.4 of the Posts and Users Stats plugin. Users are advised to update to version 1.1.4 or later to remove the vulnerability. It's worth noting that the software appears to be abandoned, as it hasn't been updated for over a year, and users should consider replacing it with an alternative solution (Patchstack).