CVE-2023-24383: 
WordPress vulnerability analysis and mitigation

The CVE-2023-24383 is a Stored Cross-Site Scripting (XSS) vulnerability affecting Kiboko Labs Namaste! LMS WordPress plugin versions 2.5.9.1 and below. The vulnerability was discovered on January 27, 2023, and requires administrator or higher privileges to exploit (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue (CWE-79) where the plugin fails to properly sanitize and escape some of its settings. This could allow high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, such as in multisite setups. The vulnerability has received a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (WPScan).

The vulnerability could allow malicious actors with administrative privileges to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected pages (Patchstack).

The vulnerability has been patched in version 2.5.9.2 of the Namaste! LMS plugin. Users are advised to update to this version or later to remove the vulnerability. Website administrators can also enable auto-updates for vulnerable plugins if they are using Patchstack security solutions (Patchstack).