CVE-2022-3822 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability identified in the WordPress plugin 'Donations via PayPal' prior to version 1.9.9. The vulnerability arises because the plugin fails to properly sanitize and escape certain settings fields. This flaw allows users with high privileges, such as administrators, to inject malicious JavaScript code that is stored persistently within the plugin's settings. Notably, this vulnerability can be exploited even when the WordPress capability 'unfiltered_html' is disabled, such as in multisite environments, which typically restricts the ability to post unfiltered HTML content. The attack vector requires the attacker to have high privileges (admin-level access) and some user interaction, as the malicious payload is injected through plugin settings and executed when viewed by other users with sufficient privileges. The vulnerability impacts the confidentiality and integrity of the affected WordPress sites by enabling the execution of arbitrary scripts, potentially leading to session hijacking, privilege escalation, or further compromise of the site. The CVSS 3.1 base score is 4.8, reflecting a medium severity with network attack vector, low attack complexity, high privileges required, user interaction required, and a scope change. There are no known exploits in the wild as of the publication date, and no official patches are linked in the provided information, indicating that mitigation may require manual updates or configuration changes by site administrators. The vulnerability is classified under CWE-79, which covers Cross-Site Scripting issues where untrusted input is not properly sanitized before being rendered in a web page context.

For European organizations using WordPress sites with the 'Donations via PayPal' plugin, this vulnerability poses a risk primarily to the confidentiality and integrity of their web platforms. Since the attack requires administrative privileges, the immediate threat is limited to environments where an attacker has already compromised or gained admin access, or where insider threats exist. Exploitation could lead to the execution of malicious scripts that steal session cookies, deface websites, or perform unauthorized actions on behalf of administrators. This can damage organizational reputation, disrupt donation processes, and potentially lead to data breaches if combined with other vulnerabilities. Nonprofits and charities, which often rely on donation plugins, may be particularly impacted, as trust and availability of donation channels are critical. The vulnerability's ability to bypass typical content filtering in multisite setups increases risk in larger organizations or hosting providers managing multiple WordPress instances. However, since no known exploits are reported, the immediate widespread impact is limited but should not be underestimated given the potential for targeted attacks.

1. Immediate upgrade: Site administrators should update the 'Donations via PayPal' plugin to version 1.9.9 or later as soon as an official patch becomes available. 2. Privilege review: Conduct a thorough audit of user privileges to ensure that only trusted users have administrative access, minimizing the risk of insider exploitation. 3. Input sanitization: Implement additional server-side input validation and sanitization for plugin settings, possibly through custom code or security plugins that enforce stricter content filtering. 4. Content Security Policy (CSP): Deploy a strict CSP to limit the execution of unauthorized scripts, reducing the impact of any injected malicious code. 5. Monitoring and logging: Enable detailed logging of administrative actions and monitor for unusual changes in plugin settings or unexpected script injections. 6. Multisite configuration review: For multisite WordPress installations, verify that capability restrictions are correctly enforced and consider isolating critical sites to reduce cross-site contamination risks. 7. Web Application Firewall (WAF): Use a WAF with rules targeting XSS patterns to detect and block malicious payloads attempting to exploit this vulnerability. 8. User education: Train administrators on the risks of XSS and safe plugin management practices to prevent accidental introduction of malicious content.