CVE-2023-6621: 
WordPress vulnerability analysis and mitigation

CVE-2023-6621 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the POST SMTP WordPress plugin versions before 2.8.7. The vulnerability was discovered and publicly disclosed on December 21, 2023, and received a CVSS v3.1 base score of 6.1 (Medium) (NVD, WPScan).

The vulnerability exists because the plugin fails to properly sanitize and escape the 'msg' parameter before outputting it back in the page. This security flaw is classified as CWE-79: Improper Neutralization of Input During Web Page Generation. The vulnerability has a CVSS v3.1 Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with low attack complexity (NVD).

The vulnerability could be exploited to perform Reflected Cross-Site Scripting attacks specifically targeting high-privilege users such as administrators. This could potentially lead to unauthorized actions being performed in the context of the administrator's session (WPScan).

The vulnerability has been fixed in POST SMTP plugin version 2.8.7. Users are advised to update to this version or later to mitigate the security risk (WPScan).