CVE-2023-3118: 
WordPress vulnerability analysis and mitigation

The Export All URLs WordPress plugin before version 4.6 contains a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-3118. The vulnerability was discovered on June 19, 2023, and affects the plugin's parameter handling functionality. The issue exists because the plugin fails to properly sanitize and escape parameters before outputting them back in the page (WPScan, NVD).

The vulnerability stems from improper input validation where the plugin does not sanitize and escape parameters before reflecting them back in the page output. This security flaw has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Cross-Site Scripting (NVD).

The vulnerability could be exploited to perform a Reflected Cross-Site Scripting attack specifically targeting high-privilege users such as administrators. If successfully exploited, it could allow attackers to execute arbitrary JavaScript code in the context of the targeted user's browser session (WPScan).

The vulnerability has been fixed in version 4.6 of the Export All URLs plugin. Users are strongly advised to update to this version or later to mitigate the security risk (WPScan).