CVE-2023-46312: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Zaytech Smart Online Order for Clover WordPress plugin versions 1.5.4 and below. The vulnerability was reported on March 23, 2023, and publicly disclosed on October 22, 2023. This security issue affects websites running the vulnerable versions of the plugin (Patchstack).

The vulnerability is classified as an unauthenticated Reflected Cross-Site Scripting (XSS) issue, identified as CVE-2023-46312. It received a CVSS v3.1 base score of 6.1 (Medium) from NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a higher CVSS score of 7.1 (High). The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into affected websites. These injected scripts would be executed when guests visit the compromised sites (Patchstack).

The vulnerability has been fixed in version 1.5.5 of the plugin. Website administrators are advised to update to version 1.5.5 or later immediately. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).