CVE-2023-45750: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in POSIMYTH's Nexter Extension WordPress plugin versions 2.0.3 and below. The vulnerability was reported on June 13, 2023, and publicly disclosed on October 12, 2023. This security issue affects the WordPress plugin ecosystem and was assigned the identifier CVE-2023-45750 (Patchstack).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). According to the National Vulnerability Database, it received a CVSS v3.1 base score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. However, Patchstack assessed it with a higher CVSS score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the affected website. These injected scripts would be executed when visitors access the site, potentially compromising user security and website integrity (Patchstack).

Website administrators are advised to update to Nexter Extension version 2.0.4 or later, which contains the fix for this vulnerability. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).