
CVE-2022-1750: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in numixtech Sticky Popup

Severity: Medium
Tags: Vulnerability, CVE-2022-1750, cve, cve-2022-1750, cwe-79
Published: Mon Jun 13 2022 (06/13/2022, 13:20:31 UTC)
Source: CVE
Vendor/Project: numixtech
Product: Sticky Popup

Description

The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators.

AI-Powered Analysis

Last updated: 07/06/2025, 22:56:16 UTC

Technical Analysis

CVE-2022-1750 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability affecting the Sticky Popup WordPress plugin developed by numixtech, specifically in versions up to and including 1.2. The vulnerability arises due to improper neutralization of input during web page generation, classified under CWE-79. The root cause is insufficient input sanitization and output escaping of the 'popup_title' parameter. This flaw allows authenticated users with administrator-level privileges or higher to inject arbitrary JavaScript code into pages generated by the plugin. When other users access these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or other malicious activities. The vulnerability is particularly relevant in environments where the WordPress 'unfiltered_html' capability is disabled for administrators, such as multi-site installations or hardened setups that restrict direct HTML input. The CVSS v3.1 base score is 5.5, reflecting a medium severity level, with an attack vector of network (remote), low attack complexity, requiring high privileges (admin), no user interaction, and with a scope change. No known exploits have been reported in the wild, and no official patches or updates have been linked in the provided data. The vulnerability's impact is limited by the requirement for administrative privileges to exploit it, but the scope change indicates that the injected script can affect other users beyond the attacker, increasing the risk in multi-user environments.
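The advisory attributes the flaw to a title value that is neither sanitized when stored nor escaped when rendered. The following PHP is an added illustration of that pattern and of its hardened counterpart; it is not the Sticky Popup plugin's code, and the option name, function names and hook names are assumptions made for this example. The hardened version does not depend on the unfiltered_html capability at all, which is the configuration the advisory singles out.

```php
<?php
// Added illustrative example (not the Sticky Popup plugin's own code).
// Option name, function names and hook names are assumptions for this example.

// --- Vulnerable pattern: raw POST value stored, raw option echoed --------------
function sp_example_save_title_vulnerable() {
    if ( isset( $_POST['popup_title'] ) ) {
        // No sanitization: whatever was submitted is persisted as-is.
        update_option( 'sp_example_popup_title', wp_unslash( $_POST['popup_title'] ) );
    }
}

function sp_example_render_popup_vulnerable() {
    $title = get_option( 'sp_example_popup_title', '' );
    // No output escaping: stored markup is emitted verbatim into every page
    // that renders the popup, which is the stored XSS condition.
    echo '<div class="sp-popup"><h2>' . $title . '</h2></div>';
}

// --- Hardened pattern: capability + nonce check, sanitize on input, escape on output
function sp_example_save_title_hardened() {
    // Only users allowed to manage settings may change the popup, and the
    // request must carry a valid nonce issued by the settings form.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'sp_example_save_title' );

    if ( isset( $_POST['popup_title'] ) ) {
        // sanitize_text_field() strips tags and control characters, which is
        // the WordPress-native way to store a plain-text title. It does not
        // rely on unfiltered_html, so it behaves the same on multi-site.
        $title = sanitize_text_field( wp_unslash( $_POST['popup_title'] ) );
        update_option( 'sp_example_popup_title', $title );
    }

    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

function sp_example_render_popup_hardened() {
    $title = get_option( 'sp_example_popup_title', '' );
    // esc_html() is applied at output time, so even a value that reached the
    // database by another route is rendered as text, not parsed as markup.
    echo '<div class="sp-popup"><h2>' . esc_html( $title ) . '</h2></div>';
}

// Wire the hardened handlers (hook names are illustrative).
add_action( 'admin_post_sp_example_save_title', 'sp_example_save_title_hardened' );
add_action( 'wp_footer', 'sp_example_render_popup_hardened' );
```

For the nonce check to succeed, the settings form must post to admin-post.php with a hidden action field of sp_example_save_title and include wp_nonce_field( 'sp_example_save_title' ). The important design point is that sanitizing on input and escaping on output are independent layers: the second one still protects readers if the first is ever bypassed.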

Potential Impact

For European organizations using WordPress sites with the Sticky Popup plugin, this vulnerability poses a risk primarily in environments with multiple users or administrators, such as corporate intranets, e-commerce platforms, or public-facing websites with administrative user roles. Successful exploitation could lead to the execution of malicious scripts in the browsers of site visitors or other administrators, potentially resulting in session hijacking, theft of sensitive data, or unauthorized actions performed on behalf of legitimate users. This could undermine the confidentiality and integrity of web applications and user data. Given the requirement for administrative access to exploit, the threat is more significant in organizations with weak internal access controls or compromised administrator accounts. The vulnerability could also be leveraged as part of a broader attack chain, especially in multi-site WordPress installations common in large European enterprises or hosting providers. The lack of known exploits reduces immediate risk, but the presence of the vulnerability in a widely used CMS plugin means that targeted attacks or automated scanning could emerge, especially in sectors with high-value targets such as finance, healthcare, or government institutions in Europe.

Mitigation Recommendations

European organizations should take the following specific mitigation steps:

1) Immediately audit WordPress installations to identify the presence of the Sticky Popup plugin, especially versions up to 1.2.
2) Restrict administrative privileges strictly to trusted personnel and implement strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of compromised admin accounts.
3) If possible, disable or limit the use of the Sticky Popup plugin until a patched version is available, or consider replacing it with alternative plugins that have been audited for security.
4) Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected sites, mitigating the impact of potential XSS attacks.
5) Monitor logs and user activity for unusual behavior indicative of exploitation attempts.
6) Educate administrators about the risks of injecting untrusted content and the importance of sanitizing inputs.
7) For multi-site WordPress installations, review and adjust the 'unfiltered_html' capability settings to balance functionality and security.
8) Stay updated with vendor advisories and apply patches promptly once released.


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2022-05-16T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981ec4522896dcbdbcd7

Added to database: 5/21/2025, 9:08:46 AM

Last enriched: 7/6/2025, 10:56:16 PM

Last updated: 7/26/2025, 6:13:58 PM

