CVE-2023-5469: 
WordPress vulnerability analysis and mitigation

The Drop Shadow Boxes plugin for WordPress (CVE-2023-5469) contains a Stored Cross-Site Scripting vulnerability in versions up to and including 1.7.13. The vulnerability exists in the 'dropshadowbox' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes (NVD).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 5.4 (Medium) according to NVD, and 6.4 (Medium) according to Wordfence. The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low confidentiality and integrity impact (C:L, I:L) and no availability impact (A:N) (NVD).

The vulnerability allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized access to user data or manipulation of website content (NVD).

Users should update to a version newer than 1.7.13 of the Drop Shadow Boxes plugin. The vulnerability has been patched through improved input sanitization and output escaping (Wordpress Patch).