CVE-2023-5943: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2023-5943 affects the Wp-Adv-Quiz WordPress plugin versions before 1.0.3. The vulnerability was discovered by Rafael Aristodimou and was publicly disclosed on January 3, 2024. This security issue involves improper sanitization and escaping of quiz settings in the plugin (WPScan).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received a CVSS v3.1 base score of 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The technical assessment indicates that the vulnerability requires high privileges but has a low attack complexity (NVD).

The vulnerability allows high-privilege users such as administrators to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. This could potentially lead to the execution of arbitrary JavaScript code in users' browsers when viewing affected quiz content (WPScan).

The vulnerability has been patched in version 1.0.3 of the Wp-Adv-Quiz plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).