CVE-2022-4653: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-4653 affects the Greenshift WordPress plugin versions before 4.8.9. The vulnerability was discovered and publicly disclosed on December 23, 2022. It involves an input validation issue in the plugin's shortcode attributes that could lead to Cross-Site Scripting (XSS) attacks (WPScan Advisory).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) vulnerability with a CVSS v3.1 base score of 5.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The issue stems from improper validation and escaping of shortcode attributes in the plugin. A proof of concept exploit involves using the shortcode: [wpreusablerender id='2' ajax='true' height='100px;width:100px;background:red;" onmouseover="alert(1)"'] (WPScan Advisory).

The vulnerability allows users with contributor-level access or higher to perform Stored Cross-Site Scripting attacks. This could potentially lead to client-side code execution in the context of other users' browsers who view the affected content (WPScan Advisory).

The vulnerability has been fixed in version 4.8.9 of the Greenshift WordPress plugin. Users are advised to update to this version or later to mitigate the risk (WPScan Advisory).