CVE-2023-24381: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in NsThemes Advanced Social Pixel WordPress plugin versions 2.1.1 and below. The vulnerability was identified on January 6, 2023, and publicly disclosed on January 27, 2023. This security issue affects WordPress installations using the vulnerable plugin versions and requires administrator privileges to exploit (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 4.8 (MEDIUM) according to NIST, and 5.9 (MEDIUM) according to Patchstack. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires high privileges and user interaction to exploit (NVD).

The vulnerability could allow a malicious actor with administrative access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for this security issue. Given the low severity impact, virtual patching was deemed unnecessary (Patchstack).