CVE-2023-30492: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Vark Minimum Purchase for WooCommerce plugin versions 2.0.0.1 and below. The vulnerability was identified on April 11, 2023, and publicly disclosed on October 16, 2023. This security issue affects WordPress installations using the vulnerable plugin versions and requires contributor or higher privileges to exploit (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CVE-2023-30492. The plugin fails to properly validate and escape certain parameters, which could allow authenticated users with contributor-level access or higher to perform Stored XSS attacks. The vulnerability has received a CVSS v3.1 base score of 5.4 (Medium) from NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assigned it a score of 6.5 (Medium). The weakness is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD, WPScan).

The vulnerability could allow malicious actors with contributor-level access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

As of the latest reports, there is no official fix available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).