CVE-2023-25028: 
WordPress vulnerability analysis and mitigation

The CVE-2023-25028 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the chuyencode CC Custom Taxonomy WordPress plugin versions 1.0.1 and below. The vulnerability was discovered by Nithissh S and was initially reported on January 30, 2023, with public disclosure occurring on February 2, 2023 (Patchstack).

The vulnerability is classified as an authenticated stored XSS issue that requires administrator-level access for exploitation. It has received varying CVSS scores, with the NVD assigning a base score of 4.8 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack rates it at 5.9 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

This vulnerability could allow a malicious actor with administrative access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would then be executed when visitors access the affected site (Patchstack).

As of the latest reports, no official fix has been released for this vulnerability. Given the low severity impact and the requirement for administrative access, the risk is considered minimal (Patchstack).