CVE-2023-25461: 
WordPress vulnerability analysis and mitigation

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability was discovered in namithjawahar Wp-Insert plugin versions 2.5.0 and earlier. The vulnerability was identified and published on February 15, 2023, and was assigned CVE-2023-25461. The affected software is the WordPress Wp-Insert plugin up to version 2.5.0, with the issue being fixed in version 2.5.1 (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS Base Score of 5.9 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation). The issue requires administrator privileges to exploit (NVD).

A successful exploitation of this vulnerability could allow an attacker to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site. The impact is considered low severity but could affect website functionality and user experience (Patchstack).

The vulnerability has been fixed in version 2.5.1 of the Wp-Insert plugin. Users are advised to update to version 2.5.1 or later to remove the vulnerability. No alternative workarounds are available (Patchstack).