CVE-2022-45361: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2022-45361 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Boris Kuzmanov 0mk Shortener WordPress plugin versions 0.2 and below. The vulnerability was discovered and reported on November 15, 2022, and was publicly disclosed on February 2, 2023 (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue that affects authenticated users with administrative privileges. It has received a CVSS v3.1 base score of 4.8 (MEDIUM) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. Patchstack assigned a slightly higher CVSS score of 5.9 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site, potentially compromising the security of both the website and its visitors (Patchstack).

As of the latest reports, there is no official fix available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).