CVE-2023-31236: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the unFocus Projects Scripts n Styles WordPress plugin, affecting versions 3.5.7 and below. The vulnerability was initially reported on April 26, 2023, and was publicly disclosed on May 18, 2023. This security issue was assigned CVE-2023-31236 (Patchstack).

The vulnerability stems from the plugin's failure to properly sanitize and escape certain settings, potentially allowing high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks, even in scenarios where the unfiltered_html capability is disabled, such as in multisite setups. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (MEDIUM) by NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a score of 5.9 (MEDIUM) (NVD, WPScan).

The vulnerability could enable malicious actors with administrative access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would then be executed when visitors access the affected site (Patchstack).

The vulnerability has been patched in version 3.5.8 of the Scripts n Styles plugin. Users are advised to update to version 3.5.8 or later to remediate this security issue. It's worth noting that the software appears to be abandoned, as it hasn't been updated for over a year, and users should consider finding alternative solutions (Patchstack).