CVE-2023-27624: 
WordPress vulnerability analysis and mitigation

CVE-2023-27624 is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability affecting the Marcelotorres Redirect After Login WordPress plugin versions 0.1.9 and below. The vulnerability was discovered by Yuki Haruma on March 10, 2023, and was publicly disclosed on April 21, 2023 (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, falling under the CWE-79 category (Improper Neutralization of Input During Web Page Generation). It has received multiple CVSS severity assessments: NIST assigned a CVSS v3.1 base score of 4.8 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack rated it at 5.9 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The security issue has been classified as having a low priority for patching due to its limited impact and exploitation difficulty (Patchstack).