CVE-2022-4654: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in the Easy Pricing Tables WordPress plugin versions below 3.2.3. The vulnerability, identified as CVE-2022-4654, was publicly disclosed on January 4, 2023. The security flaw affects the plugin's shortcode functionality and impacts WordPress installations using vulnerable versions of the Easy Pricing Tables plugin (WPScan).

The vulnerability stems from improper validation and escaping of shortcode attributes in the plugin. It has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-79. The vulnerability specifically relates to the OWASP Top 10 category A7: Cross-Site Scripting (XSS). The technical implementation allows for exploitation through the manipulation of shortcode attributes, particularly in the plugin's compatibility mode (WPScan).

Users with contributor-level permissions or higher can exploit this vulnerability to perform Stored Cross-Site Scripting attacks. This means malicious actors with appropriate access levels could inject and store malicious scripts that would execute when other users view the affected content (WPScan).

The vulnerability has been patched in version 3.2.3 of the Easy Pricing Tables plugin. Website administrators are advised to update to this version or later to mitigate the security risk (WPScan).