CVE-2023-30779: 
WordPress vulnerability analysis and mitigation

An unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress Query Wrangler plugin versions 1.5.51 and below. The vulnerability was identified on April 19, 2023, and was assigned the identifier CVE-2023-30779 (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 6.1 (Medium) according to NVD, while Patchstack rates it at 7.1 (High). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

The vulnerability has been fixed in version 1.5.52 of the Query Wrangler plugin. Users are advised to update to this version or later to resolve the security issue. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).