CVE-2023-6503: 
WordPress vulnerability analysis and mitigation

The WP Plugin Lister WordPress plugin through version 2.1.0 contains a security vulnerability identified as CVE-2023-6503. The vulnerability stems from missing CSRF protection mechanisms and inadequate input sanitization and escaping, which could enable attackers to inject stored XSS payloads through CSRF attacks when targeting logged-in administrators (WPScan, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. The issue is classified as CWE-352 (Cross-Site Request Forgery). The vulnerability affects all versions of the plugin up to and including version 2.1.0, allowing attackers to exploit missing CSRF checks and input validation to perform stored XSS attacks (NVD).

When successfully exploited, this vulnerability allows attackers to inject stored XSS payloads into the application through CSRF attacks. This can lead to potential execution of malicious JavaScript code in the context of authenticated administrators' sessions, potentially compromising the security of the WordPress installation (WPScan).

Currently, there is no known fix available for this vulnerability. Users of the WP Plugin Lister WordPress plugin should consider either removing the plugin or implementing additional security controls to prevent CSRF attacks (WPScan).