CVE-2022-3392: CWE-79 Cross-Site Scripting (XSS) in Unknown WP Humans.txt
The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
AI Analysis
Technical Summary
CVE-2022-3392 is a medium-severity vulnerability classified as CWE-79 (Cross-Site Scripting, XSS) affecting the WordPress plugin WP Humans.txt version 1.0.6 and earlier. The vulnerability arises because the plugin fails to properly sanitize and escape certain settings before rendering them in the web interface. This flaw allows users with high privileges, such as administrators, to inject and store malicious scripts (Stored XSS) within the plugin's settings. Notably, this vulnerability can be exploited even when the WordPress unfiltered_html capability is disabled, such as in multisite environments, which normally restricts the ability to post unfiltered HTML content. The attack requires the attacker to have high privileges and some user interaction (UI:R) to trigger the malicious script. The vulnerability impacts confidentiality and integrity by potentially allowing attackers to execute arbitrary JavaScript in the context of the WordPress admin interface, which could lead to session hijacking, privilege escalation, or other malicious actions. The CVSS 3.1 base score is 4.8 (medium), reflecting network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), user interaction required (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L/I:L) with no impact on availability (A:N). There are no known public exploits in the wild, and no official patches have been linked in the provided data, although it is likely that plugin updates or mitigations exist beyond version 1.0.6. The vulnerability was published on October 25, 2022, and was assigned by WPScan. The issue is particularly relevant for WordPress multisite setups where unfiltered_html is disabled but administrators can still exploit this flaw to inject malicious scripts.
Potential Impact
For European organizations using WordPress multisite environments with the WP Humans.txt plugin version 1.0.6 or earlier, this vulnerability poses a risk of stored XSS attacks by high-privilege users. The impact includes potential compromise of administrative sessions, unauthorized actions within the WordPress dashboard, and possible lateral movement or privilege escalation within the CMS environment. While the vulnerability requires administrative privileges to exploit, the stored XSS could be leveraged by attackers who have already gained partial access or by malicious insiders. This could lead to data leakage, defacement, or insertion of malicious content affecting website visitors and internal users. Given the widespread use of WordPress across European businesses, including government, education, and commercial sectors, exploitation could disrupt operations and damage reputations. However, the medium severity and requirement for high privileges limit the scope to organizations with vulnerable plugin versions and insufficient privilege management. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially if attackers develop exploits targeting this vulnerability.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the WP Humans.txt plugin version 1.0.6 or earlier. If detected, they should upgrade to the latest version of the plugin where the vulnerability is patched or remove the plugin if it is not essential. Additionally, organizations should enforce the principle of least privilege by limiting administrative access strictly to trusted personnel and regularly reviewing user roles and capabilities. Implementing Web Application Firewalls (WAFs) with rules to detect and block XSS payloads can provide an additional layer of defense. For multisite environments, administrators should verify that unfiltered_html capabilities are correctly configured and consider additional input validation or sanitization plugins to mitigate injection risks. Regular security training for administrators on the risks of stored XSS and safe plugin management practices is also recommended. Monitoring logs for suspicious activity related to plugin settings changes can help detect exploitation attempts early.
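The first mitigation step above is an inventory check: find installations where the WP Humans.txt plugin is at 1.0.6 or earlier. The following script is an added example, not code from the page or from the plugin's authors. It parses the standard WordPress plugin header block ("Plugin Name:" and "Version:" fields) from each plugin's main PHP file, matches the plugin by name, and compares the installed version against the last affected release stated in the advisory. The plugins directory path and the sample header text are constructed for illustration; the plugin's real directory slug is not given on the page, so the scanner matches on the header name rather than a folder name.

```python
import os
import re
from typing import Dict, List, Optional, Tuple

# Highest affected release according to the advisory ("through 1.0.6").
LAST_AFFECTED_VERSION = "1.0.6"

# Standard WordPress plugin header fields live in a comment block at the top of
# the plugin's main PHP file, one "Key: value" pair per line, optionally led by " * ".
_HEADER_FIELD = re.compile(
    r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.MULTILINE | re.IGNORECASE
)


def parse_plugin_header(text: str) -> Dict[str, str]:
    """Extract the 'plugin name' and 'version' header fields (lower-cased keys)."""
    return {key.lower(): value for key, value in _HEADER_FIELD.findall(text)}


def version_tuple(version: str) -> Tuple[int, ...]:
    """Convert '1.0.6' to (1, 0, 6); a non-numeric suffix such as '-beta' ends the tuple."""
    parts: List[int] = []
    for piece in re.split(r"[.\-]", version.strip()):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def is_affected(header_text: str) -> Optional[bool]:
    """True if the header describes WP Humans.txt at a version <= 1.0.6,
    False if it is a newer release, None if this is some other plugin or
    the header carries no version at all."""
    fields = parse_plugin_header(header_text)
    name = fields.get("plugin name", "").lower()
    if "humans.txt" not in name or "version" not in fields:
        return None
    return version_tuple(fields["version"]) <= version_tuple(LAST_AFFECTED_VERSION)


def scan_plugins_dir(plugins_dir: str) -> List[Tuple[str, str]]:
    """Walk wp-content/plugins/<slug>/*.php and report (path, version) for every
    main file whose header identifies an affected WP Humans.txt release."""
    findings: List[Tuple[str, str]] = []
    for slug in sorted(os.listdir(plugins_dir)):
        slug_dir = os.path.join(plugins_dir, slug)
        if not os.path.isdir(slug_dir):
            continue
        for entry in sorted(os.listdir(slug_dir)):
            if not entry.endswith(".php"):
                continue
            path = os.path.join(slug_dir, entry)
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(8192)  # header block sits at the top of the file
            if is_affected(head):
                findings.append((path, parse_plugin_header(head)["version"]))
    return findings


if __name__ == "__main__":
    # Constructed header text, not taken from the real plugin.
    sample = "<?php\n/*\nPlugin Name: WP Humans.txt\nVersion: 1.0.6\n*/\n"
    print("affected:", is_affected(sample))
    # Hypothetical path; adjust to the site's wp-content/plugins directory.
    if os.path.isdir("/var/www/html/wp-content/plugins"):
        for path, version in scan_plugins_dir("/var/www/html/wp-content/plugins"):
            print(f"affected plugin file {path} (version {version})")
```

Run it against each site's `wp-content/plugins` directory; any finding means the plugin should be updated past 1.0.6 or removed, as the recommendations above describe.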
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: WPScan
- Date Reserved: 2022-10-03T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981bc4522896dcbd9a40
Added to database: 5/21/2025, 9:08:43 AM
Last enriched: 7/5/2025, 2:28:25 PM
Last updated: 8/15/2025, 1:06:26 PM