CVE-2023-0276: 
WordPress vulnerability analysis and mitigation

CVE-2023-0276 is a security vulnerability affecting the Weaver Xtreme Theme Support WordPress plugin versions before 6.2.7. The vulnerability was discovered and publicly disclosed on March 29, 2023. The issue affects the plugin's shortcode functionality, specifically impacting WordPress installations using the Weaver Xtreme theme (WPScan).

The vulnerability stems from improper validation and escaping of shortcode attributes before they are output back in pages or posts where the shortcode is embedded. The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified as a Stored Cross-Site Scripting (XSS) vulnerability, categorized under CWE-79. Multiple shortcode attributes are affected, including background, border_rule, border_radius, color, margin, padding, and style attributes (WPScan).

The vulnerability allows users with contributor role and above to perform Stored Cross-Site Scripting attacks. This means that malicious actors with appropriate access levels can inject malicious scripts that persist in the website's database and execute when other users view the affected pages (WPScan).

The vulnerability has been fixed in version 6.2.7 of the Weaver Xtreme Theme Support plugin. Website administrators are advised to update to this version or later to mitigate the risk (WPScan).