CVE-2022-2473: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gamerz WP-UserOnline
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.
AI Analysis
Technical Summary
CVE-2022-2473 is a medium-severity stored cross-site scripting (XSS) vulnerability, classified under CWE-79 (improper neutralization of input during web page generation), in the WP-UserOnline plugin for WordPress, affecting versions up to and including 2.87.6. The plugin stores the value of the 'templates[browsingpage][text]' setting without sufficient sanitization and renders it without output escaping, so an authenticated user with administrative capabilities or higher can persist arbitrary script in the generated page. That script runs in the browser of every user who views the affected page, which can lead to session hijacking, privilege escalation, or other malicious activity. The flaw crosses a security boundary only on multi-site installations and on installations where the 'unfiltered_html' capability is disabled: a single-site administrator normally holds unfiltered_html and is already permitted to publish raw HTML, whereas on multi-site that capability is reserved for super administrators, so a site administrator should not be able to inject script. The CVSS v3.1 base score is 5.5 (medium): network attack vector, low attack complexity, high privileges required, no user interaction, with impact on confidentiality and integrity but not availability. No exploitation in the wild has been reported, and no official patch is linked in the provided data, so remediation may require a vendor plugin update or manual intervention. The vulnerability was published on September 6, 2022, assigned by Wordfence and enriched by CISA.
Potential Impact
For European organizations, this vulnerability poses a moderate risk, primarily to those running WordPress multi-site environments with the WP-UserOnline plugin installed, or single-site installations where 'unfiltered_html' has been disabled. Successful exploitation yields script execution in the browsers of users who view the affected page, which an attacker could use to steal session cookies, perform actions on behalf of those users, or inject content that damages organizational reputation or leaks data. Because administrative privileges are required, the realistic threat scenarios are insider misuse or a compromised administrator account. WordPress is widely used across Europe for corporate websites, intranets, and e-commerce platforms, so organizations relying on this plugin in multi-site setups are exposed. The absence of known active exploits and the medium severity score suggest the threat is not currently critical, but it should be addressed promptly.
Mitigation Recommendations
European organizations should first determine whether they run the WP-UserOnline plugin, particularly on multi-site WordPress installations or on installations where 'unfiltered_html' is disabled. Immediate mitigation steps:
1) Restrict administrative access to trusted personnel only and enforce strong authentication to reduce the risk of privilege abuse.
2) If a patched release is not yet available, review the stored value of the 'templates[browsingpage][text]' setting for injected markup and sanitize it manually.
3) Monitor and audit administrative actions and plugin configuration changes for suspicious edits.
4) Apply any update or patch from the plugin vendor as soon as it is released.
5) Consider disabling or replacing the WP-UserOnline plugin if it is not essential, especially in multi-site environments.
6) Deploy Content Security Policy (CSP) headers that restrict script sources, to limit what an injected script can do.
7) Educate administrators about XSS risk and the importance of cautious input handling.
These measures are targeted at the specific plugin, configuration, and environment conditions that make this vulnerability exploitable.
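The following PHP snippet is an added illustration of the weak pattern behind this class of bug and its hardened counterpart; it is not code from the WP-UserOnline plugin. The option name, function names and the %PAGE_TITLE% placeholder are hypothetical, and the block assumes it is loaded inside a WordPress plugin so that wp_unslash, wp_kses, current_user_can, register_setting, get_option, esc_html, is_admin and add_action are available. It covers mitigation steps 2 and 6 above: capability-aware sanitization of a stored template setting, escaping of runtime values, and a frontend CSP header.

```php
<?php
// Added example, not code from the WP-UserOnline plugin. The option name,
// function names and the %PAGE_TITLE% placeholder are hypothetical; the block
// assumes it runs inside a WordPress plugin (wp_unslash, wp_kses, current_user_can,
// register_setting, get_option, esc_html, is_admin and add_action must exist).

// Markup an administrator WITHOUT unfiltered_html may still keep in the template.
const XSS_DEMO_ALLOWED_HTML = [
    'a'      => ['href' => true, 'title' => true],
    'strong' => [],
    'em'     => [],
    'br'     => [],
];

// Weak pattern (the CWE-79 shape described above): the POSTed setting is stored
// and later echoed verbatim, so any user who can reach the settings form can
// persist <script> into every page that renders the template.
function xss_demo_save_template_weak(array $post): void {
    $text = wp_unslash($post['templates']['browsingpage']['text'] ?? '');
    update_option('xss_demo_browsingpage_text', $text);          // no sanitization
}
function xss_demo_render_template_weak(string $page_title): string {
    $template = get_option('xss_demo_browsingpage_text', '');
    return str_replace('%PAGE_TITLE%', $page_title, $template);  // no escaping
}

// Hardened pattern: sanitize on save according to the saving user's capability,
// and escape every runtime value that is substituted into the template.
function xss_demo_sanitize_template($text): string {
    $text = (string) $text;
    // unfiltered_html is the capability WordPress itself uses to decide whether a
    // user may publish raw markup. Single-site administrators hold it; on multisite
    // only super administrators do, so site admins get the allowlist applied.
    if (current_user_can('unfiltered_html')) {
        return $text;
    }
    return wp_kses($text, XSS_DEMO_ALLOWED_HTML);
}

// Registering a sanitize_callback makes the Settings API run the check on every
// save path (options form, REST API, WP-CLI), not only one hand-written handler.
add_action('admin_init', function (): void {
    register_setting('xss_demo', 'xss_demo_browsingpage_text', [
        'type'              => 'string',
        'sanitize_callback' => 'xss_demo_sanitize_template',
        'default'           => 'Users currently on %PAGE_TITLE%',
    ]);
});

function xss_demo_render_template(string $page_title): string {
    $template = get_option('xss_demo_browsingpage_text', '');
    // Runtime data never inherits the template's trust level: escape it.
    return str_replace('%PAGE_TITLE%', esc_html($page_title), $template);
}

// Mitigation step 6: a restrictive CSP on the public site limits what an injected
// inline script can do even if a sanitization bug slips through. wp-admin relies
// on inline scripts, so the header is only sent for frontend requests here.
add_action('send_headers', function (): void {
    if (is_admin()) {
        return;
    }
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'; frame-ancestors 'self'");
});
```

The sanitize callback is the important part: it is attached to the option itself, so the allowlist applies no matter which code path writes the setting, and it honors unfiltered_html the same way WordPress core does, which is exactly the boundary this CVE violates. Extend the CSP source lists to match the themes and scripts the site actually loads before deploying it.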
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2022-07-19T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981fc4522896dcbdc1f5
Added to database: 5/21/2025, 9:08:47 AM
Last enriched: 7/6/2025, 11:56:19 PM
Last updated: 7/26/2025, 12:51:26 PM
Related Threats
- CVE-2025-43735: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal (Medium)
- CVE-2025-40770: CWE-300: Channel Accessible by Non-Endpoint in Siemens SINEC Traffic Analyzer (High)
- CVE-2025-40769: CWE-1164: Irrelevant Code in Siemens SINEC Traffic Analyzer (High)
- CVE-2025-40768: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Siemens SINEC Traffic Analyzer (High)
- CVE-2025-40767: CWE-250: Execution with Unnecessary Privileges in Siemens SINEC Traffic Analyzer (High)