CVE-2023-0379: 
WordPress vulnerability analysis and mitigation

CVE-2023-0379 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Spotlight Social Feeds versions prior to 1.4.3. The vulnerability was discovered and publicly disclosed on January 23, 2023. The issue affects users with contributor-level permissions and above in WordPress installations using the vulnerable plugin versions (WPScan).

The vulnerability exists because the plugin fails to properly validate and escape block options before outputting them back in a page/post where the block is embedded. This specifically affects the 'Spotlight Instagram Feed' Gutenberg block's Additional CSS classes field. The vulnerability has been assigned a CVSS score of 6.8 (medium) and is classified as CWE-79: Cross-Site Scripting (WPScan).

The vulnerability allows authenticated users with contributor-level access or higher to perform Stored Cross-Site Scripting attacks. When successfully exploited, attackers can inject malicious JavaScript code that executes in visitors' browsers when viewing affected pages (WPScan).

The vulnerability has been fixed in version 1.4.3 of the Spotlight Social Feeds plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).