CVE-2023-0067: 
WordPress vulnerability analysis and mitigation

The Timed Content WordPress plugin before version 2.73 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on January 24, 2023, and was assigned CVE-2023-0067. The issue affects the plugin's shortcode functionality where certain attributes are not properly validated and escaped before being output in pages or posts (WPScan).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low confidentiality (C:L) and integrity (I:L) impacts, and no availability impact (A:N) (NVD).

The vulnerability allows users with contributor role and above to perform Stored Cross-Site Scripting attacks by injecting malicious scripts through shortcode attributes. These scripts would then be executed when other users view the affected pages or posts (WPScan).

The vulnerability has been fixed in version 2.73 of the Timed Content WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).