CVE-2023-6456: 
WordPress vulnerability analysis and mitigation

The WP Review Slider WordPress plugin before version 13.0 contains a stored Cross-Site Scripting (XSS) vulnerability. This security issue was discovered and publicly disclosed on December 26, 2023, and was assigned the identifier CVE-2023-6456. The vulnerability affects the WordPress plugin 'wp-facebook-reviews' in all versions prior to 13.0 (WPScan Advisory).

The vulnerability stems from insufficient sanitization and escaping of certain settings within the plugin. This security weakness is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability has received a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability allows high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks, even in environments where the unfiltered_html capability is disallowed, such as in multisite setups. This could potentially lead to the execution of malicious JavaScript code in users' browsers (WPScan Advisory).

The vulnerability has been fixed in version 13.0 of the WP Review Slider plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan Advisory).