CVE-2023-51403: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-51403) is a Stored Cross-Site Scripting (XSS) issue affecting the Nicdark Restaurant Reservations WordPress plugin versions up to and including 1.8. The vulnerability was discovered and reported by resecured.io on October 15, 2023, and was publicly disclosed on December 27, 2023 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) that allows for Stored Cross-Site Scripting. It has received a CVSS v3.1 base score of 5.4 (Medium) from NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assigned it a slightly higher score of 6.5 (Medium) (NVD).

The vulnerability could allow authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized actions, data theft, or page manipulation (WPScan).

The vulnerability has been fixed in version 1.9 of the Restaurant Reservations plugin. Users are advised to update to version 1.9 or later to remove the vulnerability (Patchstack).