CVE-2022-4753: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-4753 affects the WordPress plugin Print-O-Matic versions 2.1.7 and below. This security flaw is classified as a Stored Cross-Site Scripting (XSS) vulnerability that affects users with contributor-level permissions or higher. The vulnerability was discovered by István Márton and was publicly disclosed on December 28, 2022 (Wordfence, WPScan).

The vulnerability exists because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on the page. This security issue has been assigned a CVSS score of 6.4, indicating a medium severity level. The vulnerability is classified under OWASP Top 10 category A7: Cross-Site Scripting (XSS) and CWE-79 (WPScan).

When exploited, this vulnerability allows attackers with contributor-level access or higher to perform Stored Cross-Site Scripting attacks. These attacks can be specifically targeted against high-privilege users such as administrators, potentially leading to unauthorized actions or data theft (WPScan).

The vulnerability has been patched in Print-O-Matic version 2.1.8. Users are strongly advised to update their installations to this version or later to mitigate the security risk (WPScan).