CVE-2023-4810: 
WordPress vulnerability analysis and mitigation

The Responsive Pricing Table WordPress plugin before version 5.1.8 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-4810. The vulnerability was discovered by Vaishnav Rajeevan and publicly disclosed on October 16, 2023. The issue affects the plugin's settings functionality where certain parameters are not properly sanitized and escaped (WPScan).

The vulnerability is classified as a stored Cross-Site Scripting (CWE-79) with a CVSS v3.1 base score of 4.8 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The issue specifically occurs when high-privilege users such as administrators can perform stored XSS attacks even when the unfiltered_html capability is disallowed, particularly in multisite setups (NVD).

The vulnerability allows attackers with administrative access to store malicious JavaScript code in the plugin's settings, which can then be executed in other users' browsers when they view the affected pages. This could potentially lead to cookie theft, session hijacking, or other client-side attacks (PortSwigger).

The vulnerability has been patched in version 5.1.8 of the Responsive Pricing Table plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).