CVE-2023-0061: 
WordPress vulnerability analysis and mitigation

The Judge.me Product Reviews for WooCommerce WordPress plugin before version 1.3.21 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-0061. The vulnerability was discovered on January 17, 2023, and affects users with contributor role and above who can exploit shortcode attributes (WPScan).

The vulnerability stems from the plugin's failure to validate and escape certain shortcode attributes before outputting them back in a page or post where the shortcode is embedded. The issue has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Cross-Site Scripting (NVD).

When exploited, this vulnerability allows authenticated users with contributor privileges or higher to perform Stored Cross-Site Scripting attacks. This could potentially lead to the execution of malicious JavaScript code in users' browsers who view the affected pages (WPScan).

The vulnerability has been patched in version 1.3.21 of the Judge.me Product Reviews for WooCommerce plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).