CVE-2023-1420: 
WordPress vulnerability analysis and mitigation

CVE-2023-1420 affects the Ajax Search Lite WordPress plugin versions before 4.11.1 and Ajax Search Pro WordPress plugin versions before 4.26.2. The vulnerability was discovered and publicly disclosed on April 3, 2023. This security issue involves a Reflected Cross-Site Scripting (XSS) vulnerability that stems from improper parameter sanitization and escaping in AJAX actions (WPScan).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS score of 7.5 (high severity). The technical root cause involves the plugin's failure to properly sanitize and escape a parameter before outputting it back in an AJAX action response. This vulnerability is categorized under OWASP Top 10 A7: Cross-Site Scripting (XSS) and CWE-79 (WPScan).

The vulnerability could be exploited against high-privilege users such as administrators. When successfully exploited, it allows attackers to execute malicious scripts in the context of the targeted user's browser session, potentially leading to unauthorized access or actions being performed with administrative privileges (WPScan).

The vulnerability has been patched in Ajax Search Lite version 4.11.1 and Ajax Search Pro version 4.26.2. Users are strongly advised to update their installations to these or later versions to mitigate the security risk (WPScan).