CVE-2023-4687: 
WordPress vulnerability analysis and mitigation

The CVE-2023-4687 vulnerability affects the Page Builder: Pagelayer WordPress plugin versions before 1.7.7. The vulnerability was discovered and publicly disclosed on September 25, 2023. This security flaw allows unauthenticated attackers to update a post's header or footer code on scheduled posts, potentially leading to cross-site scripting attacks (WPScan Advisory).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 6.1 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is identified under CWE-79 (Cross-site Scripting). The security flaw exists due to improper authorization controls in the plugin's handling of post header and footer code modifications for scheduled posts (NVD Database).

When exploited, this vulnerability allows attackers to inject malicious JavaScript code into scheduled posts' header or footer sections. This can lead to the execution of arbitrary JavaScript in users' browsers when they view the affected posts, potentially compromising user data or enabling other client-side attacks (WPScan Advisory).

The vulnerability has been patched in version 1.7.7 of the PageLayer plugin. Website administrators are strongly advised to update to this version or later to protect against potential attacks (WPScan Advisory).