CVE-2023-3708: 
WordPress vulnerability analysis and mitigation

CVE-2023-3708 affects several WordPress themes developed by DeoThemes, where a Reflected Cross-Site Scripting vulnerability was discovered via breadcrumbs functionality. The vulnerability was publicly disclosed on July 17, 2023, affecting multiple themes including Medikaid (versions before 1.1.3), Amela (versions before 1.0.14), Arendelle, Nokke, and Everse (NVD).

The vulnerability stems from insufficient input sanitization and output escaping in the breadcrumbs feature across multiple DeoThemes WordPress themes. It has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (Wordfence).

The vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute when users perform specific actions, such as clicking on a malicious link. This could lead to the compromise of user sessions and potential theft of sensitive information (NVD).

The vulnerability has been patched in updated versions of the affected themes: Medikaid (version 1.1.3), Amela (version 1.0.14), and other affected themes. Users are strongly advised to update to the latest versions of these themes to mitigate the security risk (Medikaid Changelog).