CVE-2023-0233: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in ActiveCampaign WordPress plugin versions below 8.1.12. The vulnerability was identified on April 20, 2023, and assigned CVE-2023-0233. This security issue affects the ActiveCampaign subscription forms plugin, specifically impacting users with contributor-level access and above (WPScan).

The vulnerability stems from improper validation and escaping of block options in the plugin's functionality. When these options are output back in a page or post where the block is embedded, it creates a security gap. The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-79. The issue specifically relates to the OWASP Top 10 category A7: Cross-Site Scripting (XSS) (WPScan).

The vulnerability allows users with contributor role and above to perform Stored Cross-Site Scripting attacks through the plugin's block options. This could potentially lead to the execution of malicious JavaScript code in users' browsers when viewing affected pages (WPScan).

The vulnerability has been patched in version 8.1.12 of the ActiveCampaign plugin. Users are advised to update their installations to this version or newer to mitigate the security risk (WPScan).