CVE-2023-27614: 
WordPress vulnerability analysis and mitigation

The Motor Racing League WordPress plugin, versions 1.9.9 and below, contains an authenticated Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-27614. The vulnerability was discovered by Pavak Tiwari and was reported on March 4, 2023, with public disclosure occurring on April 14, 2023 (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue that requires administrator-level privileges to exploit. It has received a CVSS v3.1 base score of 4.8 (MEDIUM) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a slightly higher score of 5.9 (MEDIUM) with the vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability could allow a malicious actor with administrative access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would then be executed when guests visit the affected site (Patchstack).

As of the latest reports, no official fix has been released for this vulnerability. The issue affects versions 1.9.9 and below of the Motor Racing League plugin (Patchstack).