CVE-2023-4514: 
WordPress vulnerability analysis and mitigation

The Mmm Simple File List WordPress plugin through version 2.3 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered in 2023 and assigned CVE-2023-4514. The issue affects the plugin's shortcode functionality where certain attributes are not properly validated and escaped before being output back in pages or posts (WPScan).

The vulnerability stems from improper validation and escaping of shortcode attributes in the plugin. When these attributes are output back in pages or posts where the shortcode is embedded, it creates an opportunity for XSS attacks. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The issue is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability allows users with contributor role and above to perform Stored Cross-Site Scripting attacks. When successfully exploited, attackers can inject malicious JavaScript code that executes in the context of other users' browsers when they view the affected pages (WPScan).

As of the latest reports, there is no known fix available for this vulnerability in the Mmm Simple File List WordPress plugin (WPScan).