CVE-2023-47662: 
WordPress vulnerability analysis and mitigation

The CVE-2023-47662 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the GoldBroker.Com Live Gold Price & Silver Price Charts Widgets WordPress plugin in versions 2.4 and below. The vulnerability was discovered by Emili Castells and was publicly disclosed on November 7, 2023. This security issue affects WordPress installations where the plugin is installed, particularly impacting multi-site installations and systems where unfilteredhtml has been disabled ([Patchstack](https://patchstack.com/database/vulnerability/gold-price-chart-widget/wordpress-live-gold-price-silver-price-charts-widgets-plugin-2-4-cross-site-scripting-xss-vulnerability?s_id=cve), WPScan).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 4.8 (Medium) from NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. Patchstack assigned a slightly higher CVSS score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability stems from insufficient input sanitization and output escaping in the plugin's admin settings (NVD).

The vulnerability allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page. The impact is particularly significant for multi-site installations and systems where unfiltered_html has been disabled (WPScan).

As of the latest reports, there is no official fix available for this vulnerability. The issue affects all versions up to and including version 2.4 of the plugin (WPScan).