CVE-2023-30754: 
WordPress vulnerability analysis and mitigation

An unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin affecting versions 1.8.5 and below. The vulnerability was reported on February 11, 2023, and was publicly disclosed on April 14, 2023 (Patchstack Advisory).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, falling under the CWE-79 category (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 6.1 (MEDIUM) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a higher CVSS score of 7.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L (NVD).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the affected website. These injected scripts would be executed when visitors access the compromised site (Patchstack Advisory).

No official fix is currently available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately (Patchstack Advisory).