CVE-2022-27845

Name of the Vulnerable Software and Affected Versions PlausibleHQ Plausible Analytics (WordPress plugin) version 1.2.2 and earlier

Description The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) in the PlausibleHQ Plausible Analytics WordPress plugin. This type of attack occurs when an attacker injects malicious code into a website, and this code is stored on the server. When other users access the website, the malicious code is executed, potentially allowing the attacker to steal user data or take control of user sessions. The attack requires the perpetrator to have an admin or higher user role.

Recommendations For PlausibleHQ Plausible Analytics (WordPress plugin) version 1.2.2 and earlier, update to a version later than 1.2.2 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.