CVE-2023-47184: 
WordPress vulnerability analysis and mitigation

CVE-2023-47184 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Admin Bar & Dashboard Access Control WordPress plugin versions 1.2.8 and below, discovered by Rachit Arora and disclosed on October 31, 2023. The vulnerability affects installations where unfilteredhtml has been disabled and multi-site installations ([Patchstack](https://patchstack.com/database/vulnerability/admin-bar-dashboard-control/wordpress-admin-bar-dashboard-access-control-plugin-1-2-8-cross-site-scripting-xss-vulnerability?s_id=cve), WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue (CWE-79) that occurs due to insufficient input sanitization and output escaping in the plugin's admin settings. The CVSS v3.1 base score is 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts into pages. These injected scripts will execute whenever a user accesses the affected page. The impact is limited to multi-site installations and installations where unfiltered_html has been disabled (WPScan).

The vulnerability has been patched in version 1.2.9 of the Admin Bar & Dashboard Access Control plugin. Users are advised to update to this version or later to resolve the security issue (Patchstack).