CVE-2023-4889: 
WordPress vulnerability analysis and mitigation

The Shareaholic plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2023-4889) in versions up to and including 9.7.8. The vulnerability exists in the 'shareaholic' shortcode functionality due to insufficient input sanitization and output escaping on user-supplied attributes (NVD).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 5.4 (Medium) according to NIST, and 6.4 (Medium) according to Wordfence. The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), and requires user interaction (UI:R) in a changed scope (S:C) with low confidentiality and integrity impact (NVD).

The vulnerability allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page, potentially leading to unauthorized actions or data theft (NVD).

Users should update their Shareaholic WordPress plugin to a version newer than 9.7.8 to address this vulnerability. A patch has been released to fix the insufficient input sanitization and output escaping issues (Wordpress Patch).