CVE-2023-32239: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the xtemos WoodMart WordPress theme versions 7.2.1 and below. The vulnerability was identified on May 11, 2023, and assigned CVE-2023-32239. The issue affects users with subscriber-level privileges or higher (Patchstack).

The vulnerability stems from improper sanitization and escaping of certain parameters in the WoodMart theme. It has been classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD, WPScan).

The vulnerability allows malicious actors with subscriber-level access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts are then executed when visitors access the affected site (Patchstack).

The vulnerability was patched in WoodMart theme version 7.2.2. Users are advised to update to version 7.2.2 or later to resolve the issue. Additionally, Patchstack has issued a virtual patch to mitigate this vulnerability by blocking potential attacks until users can update to the fixed version (Patchstack).