CVE-2023-23788: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the Florin Arjocu Custom More Link Complete WordPress plugin versions 1.4.1 and below. The vulnerability was discovered by Rio Darmawan on January 10, 2023, and was officially published by Patchstack on March 30, 2023. This security issue requires administrator-level authentication to exploit (Patchstack Advisory).

The vulnerability has been assigned CVE-2023-23788 and received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assessed it with a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack rated it at 5.9 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability could allow a malicious actor with administrator privileges to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack Advisory).

As of the latest reports, no official fix is available for this vulnerability. Given the low severity impact and the requirement for administrator-level access, Patchstack has deemed a virtual patch unnecessary (Patchstack Advisory).