CVE-2022-4784: 
WordPress vulnerability analysis and mitigation

CVE-2022-4784 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Hueman Addons WordPress plugin versions 2.3.3 and below. The vulnerability was discovered by Lana Codes and publicly disclosed on January 26, 2023. This security issue affects WordPress installations using both the Hueman theme and its companion plugin Hueman Addons (WPScan).

The vulnerability stems from improper validation and escaping of shortcode attributes in the plugin. When these attributes are output back in a page or post where the shortcode is embedded, it creates a security weakness. The vulnerability has been assigned a CVSS score of 6.8 (Medium) and is classified under CWE-79. A proof of concept exploit involves using a malicious shortcode with the following format: [column size='" onmouseover="alert(1)" style="background:red;width:100px;height:100px;"'] (WPScan).

The vulnerability allows users with contributor-level access or higher to perform Stored Cross-Site Scripting attacks. This could potentially lead to the execution of malicious JavaScript code in visitors' browsers when they view affected pages or posts (WPScan).

As of the last update, there is no known fix available for this vulnerability. Website administrators using affected versions of the Hueman Addons plugin should consider either removing the plugin or restricting access to contributor roles until a patch is released (WPScan).