CVE-2022-47436: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the MantraBrain Yatra WordPress plugin, affecting versions up to 2.1.14. The vulnerability was publicly disclosed on April 19, 2023, and was assigned CVE-2022-47436. The issue was discovered by TEAM WEBoB of BoB 11th (WPScan).

The vulnerability stems from improper sanitization and escaping of certain plugin settings. This security flaw could be exploited even when the unfiltered_html capability is disallowed, such as in multisite setups. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N according to NVD's assessment (NVD).

The vulnerability allows high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks. This could enable malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads that would execute when guests visit the site (Patchstack).

The vulnerability was fixed in version 2.1.15 of the Yatra plugin. Users are advised to update to this version or later to remove the vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).