CVE-2023-5744: 
WordPress vulnerability analysis and mitigation

CVE-2023-5744 affects the Very Simple Google Maps plugin for WordPress in versions up to and including 2.9. The vulnerability was discovered and disclosed in October 2023, with the initial NVD publication date being October 25, 2023. This security issue is classified as a Stored Cross-Site Scripting vulnerability that impacts the plugin's 'vsgmap' shortcode functionality (NVD).

The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes in the 'vsgmap' shortcode. The CVSS v3.1 base score is 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. An alternative assessment by Wordfence rates it at 6.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (NVD).

When successfully exploited, this vulnerability allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising the security of site visitors (NVD).

A patch for this vulnerability has been released and is available in the WordPress plugin repository. Users should update their Very Simple Google Maps plugin to the latest version available after version 2.9 to mitigate this security risk (WordPress Patch).