
CVE-2022-3139: CWE-79 Cross-Site Scripting (XSS) in Unknown We’re Open!

Medium
Tags: Vulnerability, CVE-2022-3139, cve, cwe-79
Published: Mon Oct 17 2022 (10/17/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Unknown
Product: We’re Open!

Description

The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

AI-Powered Analysis

Last updated: 07/06/2025, 14:12:24 UTC

Technical Analysis

CVE-2022-3139 is a medium-severity vulnerability affecting the We’re Open! WordPress plugin in versions prior to 1.42. It is a Stored Cross-Site Scripting (XSS) flaw classified under CWE-79. It arises because the plugin neither sanitises certain settings when they are saved nor escapes them when they are output, so a high-privilege user such as an administrator can store script in those settings that is later executed in the browsers of other users who view the affected pages. Notably, the flaw is exploitable even when the WordPress unfiltered_html capability is disallowed, as is typical in multisite environments, which restrict the ability to post unfiltered HTML; the plugin's own settings handling does not apply that filtering. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) describes an attack that is exploitable over the network with low attack complexity, requires high privileges and user interaction, and has low confidentiality and integrity impact with a scope change, but no impact on availability. There are no known public exploits in the wild, and no official patches are linked in the provided data, though the vulnerability was published in October 2022. The flaw allows an attacker with admin-level access to inject persistent malicious JavaScript that could steal sensitive information, manipulate site content, or perform actions on behalf of other users, potentially compromising site integrity and user trust.

Potential Impact

For European organizations using the We’re Open! plugin on WordPress, this vulnerability poses a risk primarily to site administrators and users with elevated privileges. Exploitation could lead to unauthorized disclosure of sensitive information, session hijacking, or manipulation of site content, undermining data confidentiality and integrity. In multisite WordPress deployments common in larger organizations or managed service providers, the risk is heightened because the vulnerability bypasses typical unfiltered_html restrictions. This could facilitate lateral movement or privilege escalation within the network. The impact on availability is minimal, but the reputational damage and potential regulatory consequences under GDPR for data breaches involving personal data could be significant. Organizations relying on this plugin for public-facing or internal portals should be aware that attackers with admin access could leverage this vulnerability to compromise user accounts or inject malicious payloads, potentially affecting business operations and customer trust.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately update the We’re Open! plugin to version 1.42 or later where the issue is resolved. If an update is not immediately possible, restrict administrative access strictly to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of compromised admin accounts. Conduct a thorough audit of all plugin settings and content for suspicious scripts or injected code. Implement Content Security Policy (CSP) headers to limit the execution of unauthorized scripts. Additionally, review and harden WordPress user roles and capabilities, especially in multisite environments, to minimize the number of users with high privileges. Regularly monitor logs for unusual admin activity and consider deploying web application firewalls (WAF) with rules to detect and block XSS payloads. Finally, educate administrators about the risks of stored XSS and safe content management practices.
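The description and the analysis above both come down to one missing pattern: sanitise a setting when it is saved and escape it in the context where it is output, independently of the saving user's capabilities. The following is an added illustration written for this page, not code from the We’re Open! plugin or from WPScan; it assumes the WordPress core functions register_setting(), sanitize_text_field(), wp_kses_post(), esc_attr(), esc_html() and get_option(), and the option name `example_status_message` and the `example_` function names are hypothetical.

```php
<?php
/*
 * Added example (not the We're Open! plugin's code): the save/output pattern
 * that closes a stored-XSS hole in plugin settings. Assumes WordPress core
 * functions register_setting(), sanitize_text_field(), wp_kses_post(),
 * esc_attr(), esc_html() and get_option(). The option name
 * 'example_status_message' and the example_* function names are hypothetical.
 */

// BEFORE: the setting is stored and echoed unchanged. Because this runs in the
// plugin's own settings handler, the kses filtering WordPress applies to post
// content for users without unfiltered_html never sees the value.
function example_vulnerable_settings_init() {
    register_setting( 'example_group', 'example_status_message' ); // no sanitize_callback
}
function example_vulnerable_render() {
    $msg = get_option( 'example_status_message', '' );
    echo '<input name="example_status_message" value="' . $msg . '">';
    echo '<p class="status">' . $msg . '</p>'; // stored value reaches the page verbatim
}

// AFTER: sanitise on save, escape on output. The sanitize_callback is invoked
// by WordPress itself whenever the option is updated, so it applies regardless
// of which capabilities the saving user holds (including site admins in a
// multisite network, who lack unfiltered_html).
function example_sanitize_status_message( $value ) {
    // Plain-text setting: strip all tags, octets and line breaks.
    return sanitize_text_field( (string) $value );
}
function example_sanitize_rich_setting( $value ) {
    // For a setting that legitimately holds limited HTML, keep the post-safe
    // allowlist, which removes <script>, on* event handlers and javascript: URLs.
    return wp_kses_post( (string) $value );
}
function example_hardened_settings_init() {
    register_setting( 'example_group', 'example_status_message', array(
        'type'              => 'string',
        'sanitize_callback' => 'example_sanitize_status_message',
        'default'           => '',
    ) );
}
function example_hardened_render() {
    $msg = get_option( 'example_status_message', '' );
    // Escape for the exact context: attribute value vs. element text.
    echo '<input name="example_status_message" value="' . esc_attr( $msg ) . '">';
    echo '<p class="status">' . esc_html( $msg ) . '</p>';
}
add_action( 'admin_init', 'example_hardened_settings_init' );
```

Both halves matter: sanitising on save bounds what can ever reach the database, while escaping on output protects against values that were written before the fix or through another path (such as direct database edits or an import), which is why the audit of existing settings recommended above should be done alongside the update rather than instead of it.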


Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2022-09-06T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec90c

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 2:12:24 PM

Last updated: 8/5/2025, 12:44:11 PM
