CVE-2023-0060: 
WordPress vulnerability analysis and mitigation

The Responsive Gallery Grid WordPress plugin (versions before 2.3.9) was identified with a security vulnerability tracked as CVE-2023-0060. The vulnerability was discovered on January 5, 2023, and publicly disclosed on January 17, 2023. This security issue affects the plugin's shortcode functionality, specifically impacting WordPress installations using vulnerable versions of the Responsive Gallery Grid plugin (CVE MITRE, WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, stemming from improper validation and escaping of shortcode attributes. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. It is categorized under CWE-79, which relates to improper neutralization of input during web page generation (NVD).

The vulnerability allows users with contributor-level privileges or higher to perform Stored Cross-Site Scripting attacks. When successfully exploited, attackers can inject malicious scripts into pages or posts where the shortcode is embedded, potentially affecting users who view these pages (WPScan).

The vulnerability has been patched in version 2.3.9 of the Responsive Gallery Grid plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).