CVE-2023-25978: 
WordPress vulnerability analysis and mitigation

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability was discovered in Nate Reist Protected Posts Logout Button WordPress plugin affecting versions up to and including 1.4.5. The vulnerability was reported on February 1, 2023, and published on February 20, 2023 by Patchstack (Patchstack Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 5.9 (Medium) according to Patchstack, and 4.8 (Medium) according to NVD. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires high privileges and user interaction to exploit (NVD Details).

This vulnerability could allow a malicious actor with administrative privileges to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack Advisory).

The vulnerability has been fixed in version 1.4.6 of the plugin. Users are advised to update to version 1.4.6 or later to remove the vulnerability. The software is noted as potentially abandoned as it hasn't been updated for over a year, and users should consider replacing it with an alternative solution (Patchstack Advisory).