CVE-2023-7228: 
WordPress vulnerability analysis and mitigation

The illi Link Party! WordPress plugin through version 1.0 contains a Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-7228. The vulnerability was discovered by Bob Matyas and publicly disclosed on January 23, 2024. This security issue affects unauthenticated visitors and stems from the plugin's failure to properly handle certain parameters (WPScan, Wiz).

The vulnerability arises from the plugin's failure to properly sanitize and escape certain parameters in the link party submission functionality. It has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that it can be exploited remotely without authentication but requires user interaction (NIST NVD, Wiz).

When successfully exploited, this vulnerability enables unauthenticated visitors to perform Cross-Site Scripting attacks through the link party submission feature. This could potentially lead to the execution of malicious JavaScript code in users' browsers who view the affected pages (WPScan).

As of the vulnerability disclosure, there is no known fix available for this issue. Users of the illi Link Party! WordPress plugin are advised to consider disabling the plugin until a security update is released (Wiz).