CVE-2023-5343: 
WordPress vulnerability analysis and mitigation

The Popup box WordPress plugin before version 3.7.9 contains a Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-5343. The vulnerability was discovered and publicly disclosed on October 27, 2023. The issue affects the ays-popup-box WordPress plugin and stems from improper sanitization and escaping of certain settings (WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 4.8 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The weakness is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability exists due to insufficient input sanitization in the plugin's settings, particularly in the Custom content and Popup description fields (NVD).

When exploited, this vulnerability allows high-privilege users such as administrators to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. This could potentially lead to the execution of arbitrary web scripts in the context of other users' browsers (WPScan).

The vulnerability has been patched in version 3.7.9 of the Popup box WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).