CVE-2023-47646: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was identified in CedCommerce Recently viewed and most viewed products WordPress plugin versions 1.1.1 and below. The vulnerability was discovered by Emili Castells on May 30, 2023, and was officially published on November 7, 2023. This security issue affects authenticated users with Shop Manager or higher privileges (Patchstack).

The vulnerability has been assigned CVE-2023-47646 and is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 5.9 (Medium) from Patchstack with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, while NIST assigned a slightly lower score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability could allow a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for this security issue. Given its low severity impact, Patchstack has deemed a virtual patch unnecessary (Patchstack).