CVE-2023-3996: 
WordPress vulnerability analysis and mitigation

The ARMember Lite - Membership Plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2023-3996) affecting versions up to and including 4.0.14. The vulnerability was discovered in the admin settings section and is due to insufficient input sanitization and output escaping (Wordfence).

The vulnerability allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts into pages that execute whenever a user accesses the injected page. This vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. The CVSS v3.1 base score is 4.8 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

When exploited, the vulnerability allows attackers with admin privileges to inject malicious scripts that execute in users' browsers when they visit affected pages. This could potentially lead to theft of sensitive information or manipulation of user sessions.

The vulnerability has been patched in version 4.0.17 of the ARMember Lite plugin. Site administrators should update to this version or later to protect against this security issue (WPScan).