CVE-2022-4576: 
WordPress vulnerability analysis and mitigation

The Easy Bootstrap Shortcode WordPress plugin versions 4.5.4 and below contain a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on December 24, 2022, and was assigned CVE-2022-4576. This security issue affects users with contributor-level access or higher, as the plugin fails to properly validate and escape certain shortcode attributes before rendering them on the page (WPScan).

The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified as CWE-79: Cross-Site Scripting. The issue stems from improper validation and escaping of shortcode attributes in the plugin's output functionality. When these attributes are rendered back in the page, they can contain malicious JavaScript code that executes in the context of other users' browsers (WPScan).

The vulnerability allows attackers with contributor-level access to inject malicious JavaScript code that executes when other users, including administrators, view the affected pages. This can lead to potential account compromise, data theft, or other malicious actions performed in the context of the victim's browser session (WPScan).

As of the vulnerability disclosure, there is no known fix available for this issue in the Easy Bootstrap Shortcode plugin (WPScan).