CVE-2023-6081: 
WordPress vulnerability analysis and mitigation

The chartjs WordPress plugin through version 2023.2 contains a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered in the plugin's settings functionality, where certain settings are not properly sanitized and escaped (WPScan).

The vulnerability exists due to improper sanitization and escaping of settings in the plugin. This security issue specifically affects high-privilege users such as administrators, allowing them to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, which is particularly relevant in multisite setups. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability allows high-privilege users to inject and store malicious JavaScript code that can be executed when other users view affected pages. This could lead to unauthorized actions being performed on behalf of other users, potential data theft, or manipulation of the website content (WPScan).

As of the current information available, there is no known fix for this vulnerability in the chartjs WordPress plugin. Users are advised to exercise caution when using the plugin, particularly in multisite setups where the unfiltered_html capability is disallowed (WPScan).