CVE-2022-45831: 
WordPress vulnerability analysis and mitigation

An unauthorized Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox WordPress plugin, affecting versions 2.8 and below. The vulnerability was discovered by researcher minhtuanact and publicly disclosed on February 2, 2023 (Patchstack).

The vulnerability occurs because the plugin fails to properly sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. The issue has been assigned CVE-2022-45831 and has received a CVSS v3.1 base score of 6.1 (MEDIUM) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a higher CVSS score of 7.1 (HIGH) (WPScan, NVD).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website, which would be executed when visitors access the site. The vulnerability is particularly concerning as it could be used to target high-privilege users such as administrators (Patchstack).

The vulnerability has been fixed in version 3.0 of the plugin. Users are advised to update to version 3.0 or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).