CVE-2023-7230: 
WordPress vulnerability analysis and mitigation

The illi Link Party! WordPress plugin through version 1.0 contains a stored Cross-Site Scripting (XSS) vulnerability that affects users with administrative privileges. The vulnerability was discovered and disclosed in January 2024, identified as CVE-2023-7230 (WPScan, CVE Mitre).

The vulnerability exists due to insufficient sanitization and escaping of parameters in the plugin's settings page. Specifically, the 'Party Name' and 'Party Description' fields under the 'Add a New Party' section are vulnerable to XSS attacks. The vulnerability has been assigned a CVSS score of 3.5 (low severity) (WPScan).

The vulnerability allows authenticated users with administrative access to store and execute malicious JavaScript code on the website. When triggered, this could potentially lead to client-side attacks against other administrative users who access the affected pages (WPScan).

Currently, there is no known fix available for this vulnerability. Website administrators using the illi Link Party! plugin should consider either removing the plugin or implementing additional security controls to restrict access to the plugin's settings page (WPScan).