CVE-2022-4826: 
WordPress vulnerability analysis and mitigation

CVE-2022-4826 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Simple Tooltips WordPress plugin versions below 2.1.4. The vulnerability was discovered by Lana Codes and publicly disclosed on January 16, 2023. The issue affects websites using the vulnerable versions of the Simple Tooltips plugin (WPScan).

The vulnerability exists because the plugin fails to properly validate and escape shortcode attributes before outputting them back in a page or post where the shortcode is embedded. The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-79 (Cross-Site Scripting). The vulnerability can be exploited through the plugin's shortcode functionality (WPScan).

This vulnerability allows users with contributor-level privileges or higher to perform Stored Cross-Site Scripting attacks. When successfully exploited, attackers can inject malicious JavaScript code that executes in visitors' browsers when they view the affected pages (WPScan, Wordfence).

The vulnerability has been fixed in version 2.1.4 of the Simple Tooltips plugin. Website administrators are strongly advised to update to this version or later to protect against this security issue (WPScan).