CVE-2022-45817: 
WordPress vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in the Erin Garscadden GC Testimonials WordPress plugin versions 1.3.2 and below. The vulnerability was reported on December 1, 2022, and publicly disclosed on December 7, 2022. The affected plugin allows users with roles as low as Contributor to perform Stored Cross-Site Scripting attacks due to insufficient sanitization and escaping of certain parameters (WPScan, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) by NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a score of 5.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability allows attackers to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website, which will be executed when guests visit the site. The impact is considered low severity but could affect website integrity and user experience (Patchstack).

Currently, there is no official fix available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).