CVE-2022-3823 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability affecting the Beautiful Cookie Consent Banner WordPress plugin versions prior to 2.9.1. The vulnerability arises because the plugin fails to properly sanitize and escape certain settings inputs. This flaw allows users with high privileges, such as administrators, to inject malicious scripts that are stored persistently within the plugin's configuration. Notably, this vulnerability can be exploited even when the WordPress unfiltered_html capability is disabled, such as in multisite environments, which typically restricts the ability to insert unfiltered HTML. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS 3.1 base score is 4.8 (medium), with an attack vector of network (remote), low attack complexity, requiring high privileges, and user interaction (UI:R) needed. The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component. The impact on confidentiality and integrity is low, with no impact on availability. There are no known exploits in the wild, and no official patches or vendor information are currently available. The vulnerability primarily affects WordPress sites using this specific plugin, which is used to display cookie consent banners to comply with privacy regulations. Stored XSS can lead to session hijacking, privilege escalation, or redirection to malicious sites if exploited by a high-privilege user, potentially compromising the entire WordPress installation and its users.

For European organizations, this vulnerability poses a moderate risk, especially for those relying on WordPress websites with the Beautiful Cookie Consent Banner plugin installed. Given the plugin's role in managing cookie consent—a critical component for GDPR compliance—exploitation could undermine user trust and regulatory adherence. An attacker with administrative access could inject malicious scripts that execute in the context of the website, potentially stealing sensitive user data, including personal information protected under GDPR. This could lead to data breaches, reputational damage, and regulatory penalties. Additionally, since the vulnerability can be exploited even when unfiltered_html is disabled, multisite WordPress installations common in large organizations or hosting providers are also at risk. The impact is primarily on confidentiality and integrity, with no direct availability impact. However, the breach of trust and potential data leakage could have significant legal and financial consequences for European entities.

1. Immediate upgrade to version 2.9.1 or later of the Beautiful Cookie Consent Banner plugin once available, as this will likely include the necessary sanitization and escaping fixes. 2. Until a patch is available, restrict administrative access strictly to trusted personnel and enforce strong authentication mechanisms (e.g., MFA) to reduce the risk of a high-privilege user account compromise. 3. Conduct a thorough audit of all plugin settings and stored content to identify and remove any suspicious or unexpected scripts or HTML code. 4. Implement Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on the website. 5. Regularly monitor WordPress logs and user activities for unusual behavior indicative of exploitation attempts. 6. For multisite environments, review and tighten capability assignments to minimize the number of users with high privileges. 7. Educate administrators on the risks of stored XSS and safe plugin configuration practices. 8. Consider using web application firewalls (WAF) with rules targeting XSS payloads to provide an additional layer of defense.