CVE-2023-47817: 
WordPress vulnerability analysis and mitigation

The CVE-2023-47817 is a Cross-site Scripting (XSS) vulnerability affecting the Daily Prayer Time WordPress plugin versions up to and including 2023.10.13. The vulnerability was discovered by Ngô Thiên An (ancorn) and publicly disclosed on November 15, 2023. This security issue affects the mmrs151 Daily Prayer Time plugin and stems from insufficient input sanitization and output escaping on user-supplied attributes ([Patchstack](https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-10-13-cross-site-scripting-xss-vulnerability?s_id=cve), WPScan).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It received a CVSS v3.1 base score of 5.4 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a slightly higher score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to compromised user sessions, data theft, or site defacement (WPScan).

The vulnerability has been fixed in version 2023.10.21 of the Daily Prayer Time plugin. Users are advised to update to this version or later to remove the vulnerability (Patchstack).