CVE-2022-4652: 
WordPress vulnerability analysis and mitigation

CVE-2022-4652 is a security vulnerability discovered in the Video Background WordPress plugin versions below 2.7.5. The vulnerability was publicly disclosed on February 20, 2023, and affects the plugin's shortcode functionality. This vulnerability allows users with contributor-level access or higher to perform Stored Cross-Site Scripting (XSS) attacks (WPScan Details).

The vulnerability stems from the plugin's failure to properly validate and escape shortcode attributes before outputting them back in pages or posts where the shortcode is embedded. The vulnerability has been assigned a CVSS score of 6.8 (medium) and is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). All shortcode attributes are affected, including container, mp4, webm, poster, loop, muted, overlay, overlay_color, overlay_alpha, tap_to_unmute, and source (WPScan Details).

The vulnerability allows authenticated users with contributor privileges or higher to inject malicious JavaScript code through shortcode attributes. This can lead to stored cross-site scripting attacks, potentially affecting other users who view the compromised pages or posts (WPScan Details).

The vulnerability has been fixed in version 2.7.5 of the Video Background plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan Details).