CVE-2023-23870: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-23870) is a Stored Cross-Site Scripting (XSS) issue affecting the wpdevart Responsive Vertical Icon Menu WordPress plugin versions 1.5.8 and below. The vulnerability was discovered on January 8, 2023, and publicly disclosed on January 20, 2023. This security flaw specifically affects users with administrative privileges (Patchstack).

The vulnerability stems from improper sanitization and escaping of certain plugin settings, which could allow high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed (such as in multisite setups). The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating network attack vector, low attack complexity, high privileges required, and user interaction required (NVD).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site. The impact is considered low to medium severity due to the high privileges required for exploitation (Patchstack).

The recommended mitigation is to update the plugin to version 1.5.9 or later, which contains the security fix. This is considered a straightforward solution to remove the vulnerability (Patchstack).