CVE-2023-47182: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability leading to a Stored Cross-Site Scripting (XSS) was discovered in the WordPress Login Screen Manager plugin versions 3.5.2 and below. The vulnerability was reported on September 20, 2023, and publicly disclosed on October 31, 2023. The affected software is the Login Screen Manager plugin developed by Nazmul Hossain Nihal for WordPress platforms (Patchstack).

The vulnerability has been assigned CVE-2023-47182 and received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). It requires no authentication to exploit and has been categorized as highly dangerous with a CVSS score of 7.1 (NVD, Patchstack).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site, potentially compromising the security and integrity of the website (Patchstack).

As of the disclosure, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website owners are advised to implement mitigation measures immediately (Patchstack).