CVE-2023-51373: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Ian Kennerley's Google Photos Gallery with Shortcodes WordPress plugin, affecting versions up to 4.0.2. The vulnerability was reported on August 28, 2023, by researcher Le Ngoc Anh and was officially published on December 26, 2023 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It received a CVSS v3.1 base score of 6.1 (Medium) from NIST and 7.1 (High) from Patchstack, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that it is network-accessible, requires low attack complexity, and needs user interaction (NVD).

This Cross-Site Scripting vulnerability could allow malicious actors to inject harmful scripts, including redirects and advertisements, into the website. These malicious payloads would be executed when visitors access the affected site (Patchstack).

The vulnerability has been patched in version 4.0.3 of the plugin. Users are advised to update to version 4.0.3 or later to resolve the issue. Patchstack has also issued a virtual patch to mitigate this vulnerability by blocking potential attacks until users can update to the fixed version (Patchstack).