CVE-2023-32499: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress Radio Station plugin by netmix® (versions <= 2.4.0.9). The vulnerability was reported on March 31, 2023, by researcher minhtuanact and was officially published on May 9, 2023. This security issue affects the WordPress plugin that helps manage and play show schedules (Patchstack).

The vulnerability is tracked as CVE-2023-32499 and has received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assigned a CVSS v3.1 base score of 6.1 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack rated it at 7.1 (High) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

This Cross-Site Scripting vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site, potentially compromising user security and website integrity (Patchstack).

Website administrators are advised to update the Radio Station plugin to version 2.5.0 or later, which contains the fix for this vulnerability. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).