CVE-2023-23673: 
WordPress vulnerability analysis and mitigation

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability was discovered in the I Recommend This WordPress plugin versions 3.8.3 and below, developed by Harish Chouhan and Themeist. The vulnerability was initially reported on January 11, 2023, and was assigned CVE-2023-23673 (Patchstack).

The vulnerability has been assessed with a CVSS v3.1 base score of 4.8 (MEDIUM) by NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a score of 5.9 (MEDIUM). The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

This vulnerability could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site. The vulnerability requires administrator privileges to exploit (Patchstack).

The vulnerability was patched in version 3.9.0 of the I Recommend This plugin. Users are advised to update to version 3.9.0 or later to remove the vulnerability. The fixed version can be downloaded from the plugin's GitHub repository (Patchstack).