CVE-2022-4751: 
WordPress vulnerability analysis and mitigation

CVE-2022-4751 is a security vulnerability affecting the Word Balloon WordPress plugin versions below 4.19.3. The vulnerability was publicly disclosed on December 28, 2022, and involves a Stored Cross-Site Scripting (XSS) weakness that affects WordPress installations using the vulnerable plugin versions (WPScan).

The vulnerability stems from improper validation and escaping of shortcode attributes in the Word Balloon plugin. When these attributes are output back to the page, they can be manipulated to inject malicious scripts. The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-79 (Cross-Site Scripting) (WPScan).

The vulnerability allows users with contributor-level access or higher to perform Stored Cross-Site Scripting attacks. These attacks could be leveraged against high-privilege users such as administrators, potentially leading to unauthorized actions or data theft when an administrator views a page containing the malicious content (WPScan).

The vulnerability has been patched in Word Balloon plugin version 4.19.3. Users are advised to update to this version or later to mitigate the security risk (WPScan).