CVE-2023-22698: 
WordPress vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in the Jason Bobich Theme Blvd Responsive Google Maps WordPress plugin versions 1.0.2 and below. The vulnerability was reported on January 12, 2023, by István Márton and was officially published on January 19, 2023. This security issue affects authenticated users with contributor-level access or higher (Patchstack Advisory).

The vulnerability has been assigned CVE-2023-22698 and is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 5.4 (MEDIUM) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a slightly higher CVSS score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack Advisory).

As of the vulnerability disclosure, no official fix has been made available for this security issue. The vulnerability affects all versions up to and including 1.0.2 of the Theme Blvd Responsive Google Maps plugin (Patchstack Advisory).