CVE-2022-47591: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the Mickael Austoni Map Multi Marker WordPress plugin versions 3.2.1 and below. The vulnerability was reported on December 14, 2022, and was assigned CVE-2022-47591. The issue was publicly disclosed on January 13, 2023 (Patchstack Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and received a CVSS v3.1 base score of 6.1 (MEDIUM) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Patchstack assigned a slightly higher CVSS score of 7.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is exploitable by unauthenticated users (NVD, Patchstack Advisory).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack Advisory).

No official fix is currently available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available (Patchstack Advisory).