CVE-2023-2470: 
WordPress vulnerability analysis and mitigation

The Add to Feedly WordPress plugin through version 1.2.11 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-2470. The vulnerability was discovered by Fioravante Souza and publicly disclosed on May 2, 2023. This security issue affects the plugin's settings functionality, specifically impacting WordPress installations using the Add to Feedly plugin (WPScan).

The vulnerability stems from improper sanitization and escaping of plugin settings. This security flaw allows high-privilege users, such as administrators, to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The vulnerability is classified as CWE-79 and has been assigned a CVSS score of 3.5 (low severity) (WPScan).

The vulnerability enables high-privilege users to inject and execute malicious JavaScript code through the plugin's settings. While the impact is somewhat limited due to the requirement of administrative access, it still presents a security risk as it bypasses WordPress's built-in security controls for HTML filtering (WPScan).

As of the vulnerability disclosure, there is no known fix available for this security issue. Users of the Add to Feedly plugin should consider implementing additional security measures or evaluating alternative solutions until a patch is released (WPScan).