CVE-2023-22716: 
WordPress vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in the OOPSpam Anti-Spam WordPress plugin versions 1.1.35 and below. The vulnerability was reported on January 9, 2023, and publicly disclosed on January 17, 2023. This security issue affects websites using the vulnerable versions of the OOPSpam Anti-Spam plugin (Patchstack).

The vulnerability is classified as an authenticated Cross-Site Scripting (XSS) issue, requiring administrator-level privileges to exploit. It has been assigned CVE-2023-22716 and received a CVSS v3.1 base score of 4.8 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. Patchstack assigned a slightly higher CVSS score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability could allow a malicious actor with administrative access to inject malicious scripts into the website. These scripts could potentially be used to create redirects, insert unwanted advertisements, or execute other HTML payloads that would affect visitors to the affected website (Patchstack).

The vulnerability has been fixed in version 1.1.36 of the OOPSpam Anti-Spam plugin. Website administrators are advised to update to version 1.1.36 or later to remove the vulnerability. Due to the low severity impact and unlikely exploitation potential, this security issue is considered a low priority update (Patchstack).