CVE-2023-48780: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in EnigmaWeb WP Catalogue plugin versions up to 1.7.6. The vulnerability was reported on June 15, 2023, by Abdi Pranata and was officially published on November 28, 2023. This security issue was assigned CVE-2023-48780 and affects the WordPress plugin WP Catalogue through version 1.7.6 (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 6.5 (Medium) from Patchstack and 5.4 (Medium) from NIST. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating that the vulnerability requires low attack complexity and limited privileges to exploit (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site. The impact is considered to have low severity and is deemed unlikely to be exploited (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue affects WP Catalogue versions up to 1.7.6, and users are advised to implement general XSS prevention measures until an official patch is released (Patchstack).