CVE-2023-51506: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-51506) affects the WPCS – WordPress Currency Switcher Professional plugin through version 1.2.0. It is a Stored Cross-Site Scripting (XSS) vulnerability that stems from improper neutralization of input during web page generation (NVD, WPScan).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 5.4 (MEDIUM) according to NVD, and 5.5 (MEDIUM) according to Patchstack. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD).

The vulnerability allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages. These malicious scripts will execute when users visit the affected pages, potentially leading to compromised data security and page integrity (Patchstack).

The vulnerability has been fixed in version 1.2.0.1 of the WPCS – WordPress Currency Switcher Professional plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).