CVE-2023-50830: 
WordPress vulnerability analysis and mitigation

The Seos Contact Form WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2023-50830. The vulnerability was discovered by DoYeon Park (p6rkdoye0n) and publicly disclosed on December 19, 2023. This security issue affects all versions of Seos Contact Form up to and including version 1.8.0. The vulnerability is particularly relevant for multi-site installations and installations where unfiltered_html has been disabled (WPScan).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue, categorized under CWE-79. It has received varying CVSS scores from different sources: NIST assigned a CVSS v3.1 base score of 4.8 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Patchstack rated it at 5.9 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (NVD, Patchstack).

The vulnerability allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized actions, data theft, or site manipulation (WPScan).

As of the latest reports, there is no official fix available for this vulnerability. The issue is considered to have a low severity impact and is unlikely to be exploited due to the required administrative privileges (Patchstack).