CVE-2023-5205: 
WordPress vulnerability analysis and mitigation

The Add Custom Body Class plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2023-5205) discovered in versions up to and including 1.4.1. The vulnerability was identified in October 2023 and affects the 'addcustombody_class' value functionality (NVD).

The vulnerability stems from insufficient input sanitization and output escaping in the 'addcustombody_class' value parameter. This security flaw has received a CVSS v3.1 base score of 5.4 (Medium) from NIST and 6.4 (Medium) from Wordfence, with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

When exploited, this vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising the security of site visitors (NVD).

Users should update to a version newer than 1.4.1 of the Add Custom Body Class plugin to address this vulnerability. If immediate updating is not possible, consider restricting access to the plugin's functionality to trusted administrators only (NVD).