CVE-2023-25783: 
WordPress vulnerability analysis and mitigation

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability was discovered in Alex Moss FireCask Like & Share Button WordPress plugin versions 1.1.5 and below. The vulnerability was publicly disclosed on February 15, 2023, and was assigned CVE-2023-25783 (Patchstack).

The vulnerability exists because the plugin does not properly sanitize and escape some of its settings, which could allow high privilege users such as administrators to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, such as in multisite setups. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) by NVD with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack assigned it a score of 5.9 (Medium) (NVD).

A successful exploitation of this vulnerability could allow an authenticated administrator to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site (Patchstack).

The vulnerability has been fixed in version 1.2 of the FireCask Like & Share Button plugin. Users are advised to update to version 1.2 or later to remove the vulnerability (Patchstack).