CVE-2023-45768: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Stephanie Leary Next Page WordPress plugin versions 1.5.2 and below. The vulnerability was identified on October 12, 2023, and requires administrator or higher privileges to exploit (Patchstack, WPScan).

The vulnerability exists because the plugin does not properly validate and escape certain parameters, allowing users with admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, such as in multisite setups. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD, WPScan).

A successful exploitation could allow an attacker with administrative privileges to inject malicious scripts into specific pages of the interface, potentially leading to the execution of arbitrary script code in the context of the interface or access to sensitive, browser-based information (Patchstack).

At the time of reporting, there is no known official fix available for this vulnerability. No specific workarounds have been published (Patchstack).