CVE-2022-4761: 
WordPress vulnerability analysis and mitigation

The Post Views Count WordPress plugin through version 3.0.2 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-4761. The vulnerability was discovered by Lana Codes and publicly disclosed on January 25, 2023. This security issue affects the baw-post-views-count plugin and impacts WordPress installations using vulnerable versions of the plugin (WPScan).

The vulnerability stems from improper validation and escaping of shortcode attributes before they are output back in pages or posts where the shortcode is embedded. The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-79: Cross-Site Scripting. The issue specifically affects the shortcode functionality of the plugin, allowing for stored XSS attacks (WPScan).

When exploited, this vulnerability allows users with contributor-level privileges or higher to perform Stored Cross-Site Scripting attacks. The successful exploitation could lead to the execution of malicious JavaScript code in the context of other users' browsers, including administrators, when they view the affected pages (WPScan).

As of the vulnerability disclosure, there is no known fix available for this security issue. Website administrators running the affected versions of the Post Views Count plugin should consider either removing the plugin or implementing additional security controls to restrict access to the shortcode functionality (WPScan).