CVE-2023-47657: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin versions 1.5.8 and below. The vulnerability was identified on November 7, 2023, and tracked as CVE-2023-47657. This security issue affects WordPress installations using the vulnerable plugin versions and requires authentication with Shop Manager or higher privileges (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue via custom CSS code, stemming from insufficient input sanitization and output escaping. It has received a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation) (WPScan).

When exploited, this vulnerability allows authenticated attackers with shop manager-level access or above to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized actions, data theft, or site manipulation (WPScan).

The vulnerability has been patched in version 1.5.9 of the plugin. Site administrators are advised to update to this version or later to resolve the security issue. The fix addresses the input sanitization and output escaping issues that led to the XSS vulnerability (Patchstack).