CVE-2023-23785: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the DgCult Exquisite PayPal Donation WordPress plugin versions 2.0.0 and below. The vulnerability was identified on January 18, 2023, and publicly disclosed on February 20, 2023. This security issue affects authenticated users with administrative privileges (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CVE-2023-23785. It received a CVSS v3.1 base score of 4.8 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a slightly higher CVSS score of 5.9 (Medium). The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site. The impact is considered low severity and is unlikely to be exploited, though it could potentially compromise website integrity (Patchstack).

As of the latest reports, no official fix has been made available for this vulnerability. Users of the affected plugin versions (2.0.0 and below) should consider implementing additional security measures or potentially removing the plugin until a patch is released (Patchstack).