CVE-2023-1325: 
WordPress vulnerability analysis and mitigation

CVE-2023-1325 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Easy Forms for MailChimp WordPress plugin versions below 6.8.7. The vulnerability was discovered and publicly disclosed on March 27, 2023. The issue affects the plugin's shortcode functionality and impacts WordPress installations using the vulnerable versions of yikes-inc-easy-mailchimp-extender plugin (WPScan).

The vulnerability stems from improper validation and escaping of shortcode attributes before they are output back in a page or post where the shortcode is embedded. The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-79. The issue specifically relates to the plugin's handling of shortcode attributes in the unsubscribe functionality (WPScan).

This vulnerability allows users with contributor-level access and above to perform Stored Cross-Site Scripting attacks. When successfully exploited, attackers can inject malicious JavaScript code that executes in visitors' browsers when they view the affected pages (WPScan).

The vulnerability has been fixed in version 6.8.7 of the Easy Forms for MailChimp plugin. Site administrators are advised to update to this version or later to protect against this security issue (WPScan).