CVE-2023-25460: 
WordPress vulnerability analysis and mitigation

The CVE-2023-25460 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the CodeSolz Easy Ad Manager WordPress plugin versions 1.0.0 and below. The vulnerability was discovered by Lokesh Dachepalli and was initially reported on February 7, 2023, with public disclosure occurring on April 19, 2023 (Patchstack).

The vulnerability exists because the plugin fails to properly sanitize and escape certain settings, potentially allowing high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks, even in environments where the unfiltered_html capability is disabled, such as in multisite setups. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) by NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack rates it at 5.9 (Medium) (NVD, WPScan).

This vulnerability could enable malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would execute when visitors access the affected site. The impact is considered low severity due to the high privileges required for exploitation (Patchstack).

Currently, there is no official fix available for this vulnerability. Given the low severity impact and the requirement for administrative privileges, the security issue is considered to have minimal risk (Patchstack).