CVE-2023-3087: 
WordPress vulnerability analysis and mitigation

CVE-2023-3087 affects the FluentSMTP plugin for WordPress in versions up to and including 2.2.4. The vulnerability was discovered and publicly disclosed on July 6, 2023. This security issue is a Stored Cross-Site Scripting (XSS) vulnerability that exists due to insufficient input sanitization and output escaping in the email subject functionality (NVD, WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 7.2 (High). The vulnerability stems from inadequate sanitization and escaping of input in the email subject field, which allows attackers to inject malicious web scripts. The technical nature of the vulnerability is identified as CWE-79: Cross-Site Scripting (WPScan).

This vulnerability allows unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses an injected page. The stored nature of the XSS makes it particularly dangerous as the malicious scripts persist in the application and execute for any user viewing the affected pages (NVD).

The vulnerability has been patched in FluentSMTP version 2.2.5. Users are advised to update to this version or later to mitigate the security risk. The fix includes proper input sanitization and output escaping mechanisms (WPScan).