CVE-2023-2450: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2023-2450 affects FiboSearch – AJAX Search for WooCommerce plugin versions below 1.24.0. The security flaw was discovered by Ivan Kuzymchak and publicly disclosed on June 8, 2023. This vulnerability specifically impacts the plugin's admin settings in WordPress installations (WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, stemming from insufficient input sanitization and output escaping in the admin settings. The severity is rated as medium with a CVSS score of 4.4. The vulnerability is categorized under CWE-79 and falls into the OWASP Top 10 category A7: Cross-Site Scripting (XSS) (WPScan).

This vulnerability particularly affects multi-site installations and instances where unfiltered_html is disabled. When exploited, it allows authenticated attackers with administrator-level access to execute stored cross-site scripting attacks through the admin settings pages (WPScan).

The vulnerability has been patched in version 1.24.0 of the FiboSearch – AJAX Search for WooCommerce plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).