CVE-2022-45082: 
WordPress vulnerability analysis and mitigation

Multiple authenticated stored Cross-Site Scripting (XSS) vulnerabilities were discovered in the WordPress Accordions plugin versions 2.0.3 and below. The vulnerability was identified on September 29, 2022, affecting the plugin's handling of parameters 'addons-style-name' and 'accordions_or_faqs_license_key' (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS score of 4.8 (Medium), requiring high privileges and user interaction. The attack vector is network-based, with low attack complexity. The vulnerability allows authenticated users with administrative privileges to inject malicious scripts, which could be executed when visitors access the affected site (AttackerKB).

The vulnerability could allow malicious actors to inject scripts, including redirects, advertisements, and other HTML payloads into the website, which would be executed when guests visit the site. The impact is considered low severity due to the high privilege requirement for exploitation (Patchstack).

The vulnerability was fixed in version 2.1.0 of the Accordions plugin. Users are advised to update to version 2.1.0 or later to remove the vulnerability. As of March 7, 2024, the plugin has been closed due to security issues (WordPress Plugin).