CVE-2023-0065: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2023-0065 affects the i2 Pros & Cons WordPress plugin through version 1.3.1. The vulnerability was discovered by Lana Codes and was publicly disclosed on February 13, 2023. The issue exists in the plugin's shortcode functionality where it fails to properly validate and escape certain attributes (WPScan).

This vulnerability is classified as a Stored Cross-Site Scripting (XSS) vulnerability with a CVSS score of 6.8 (medium severity). The technical issue stems from improper validation and escaping of shortcode attributes before they are output back in pages or posts where the shortcode is embedded. The vulnerability is tracked as CWE-79 and falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS) (WPScan).

The vulnerability allows users with contributor role and above to perform Stored Cross-Site Scripting attacks. This means that malicious actors with appropriate access levels can inject malicious scripts that will be stored on the target site and executed when other users view the affected pages (WPScan).

As of the last update, there is no known fix available for this vulnerability. Users of the i2 Pros & Cons WordPress plugin should consider implementing additional security measures or temporarily disabling the plugin until a patch is released (WPScan).