CVE-2023-28695: 
WordPress vulnerability analysis and mitigation

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability was discovered in Drew Phillips VigilanTor WordPress plugin versions 1.3.10 and earlier. The vulnerability was reported on January 9, 2023, and published on March 21, 2023. The issue was fixed in version 1.3.11 (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue that affects authenticated users with administrator privileges. It has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS) (Patchstack).

This vulnerability could allow a malicious actor with administrator privileges to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

Users are advised to update to version 1.3.11 or later to remove the vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited. For users unable to update immediately, it is recommended to consider replacing the software with an alternative solution as the plugin appears to be abandoned (Patchstack).