CVE-2023-0541: 
WordPress vulnerability analysis and mitigation

The GS Books Showcase WordPress plugin, prior to version 1.3.1, contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-0541. The vulnerability was discovered and publicly disclosed on January 30, 2023. This security issue affects WordPress installations using the GS Books Showcase plugin versions below 1.3.1 (WPScan).

The vulnerability stems from improper validation and escaping of shortcode attributes in the plugin. When these attributes are output back in a page or post where the shortcode is embedded, it creates a security weakness. The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-79. A proof of concept exploit involves using malicious code in the theme attribute: [gsbookshowcase theme='" onmouseover="alert(1)" style="background:red;width:100px;height:100px;"'] (WPScan).

The vulnerability allows users with contributor role and above to perform Stored Cross-Site Scripting attacks. This means malicious actors with appropriate access levels can inject and store malicious scripts that execute when other users view the affected pages (WPScan).

The vulnerability has been fixed in version 1.3.1 of the GS Books Showcase plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).