CVE-2023-6744: 
WordPress vulnerability analysis and mitigation

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting (CVE-2023-6744) via the plugin's 'et_pb_text' shortcode in versions up to and including 4.23.1. The vulnerability exists due to insufficient input sanitization and output escaping on user-supplied custom field data (NVD).

The vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages through the 'et_pb_text' shortcode. The scripts will execute whenever a user accesses an injected page. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

When exploited, this vulnerability allows attackers to inject malicious scripts that execute in users' browsers when they visit affected pages. This could lead to various attacks including cookie theft, session hijacking, or other client-side attacks (NVD).

The vulnerability was patched in version 4.23.2 of the Divi theme. Users should update to this version or later to mitigate the risk. The update includes improved input sanitization and output escaping for custom field data (Elegant Themes).