CVE-2023-2452: 
WordPress vulnerability analysis and mitigation

The Advanced Woo Search plugin for WordPress (versions up to and including 2.77) contains a Stored Cross-Site Scripting vulnerability (CVE-2023-2452) that affects admin settings. This security issue was discovered and disclosed in May 2023, affecting multi-site installations and installations where unfiltered_html has been disabled (NVD).

The vulnerability stems from insufficient input sanitization and output escaping in the admin settings of the Advanced Woo Search plugin. It has been assigned a CVSS v3.1 Base Score of 4.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

When exploited, this vulnerability allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the affected pages. The impact is limited to multi-site installations and installations where unfiltered_html has been disabled (NVD).

Users should update their Advanced Woo Search plugin to a version newer than 2.77. The vulnerability has been patched in subsequent releases (Wordfence).