CVE-2023-1068: 
WordPress vulnerability analysis and mitigation

The Download Read More Excerpt Link plugin for WordPress (versions up to 1.6.0) contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2023-1068. The vulnerability was discovered in February 2023 and affects the read_more_excerpt_link_menu_options() function due to missing or incorrect nonce validation (NVD).

The vulnerability stems from improper security controls in the read_more_excerpt_link_menu_options() function, specifically the lack of proper nonce validation. This security weakness could allow unauthenticated attackers to modify plugin settings through forged requests. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

If successfully exploited, this vulnerability allows attackers to update the plugin's settings by tricking site administrators into performing specific actions, such as clicking on malicious links. The impact is limited to plugin configuration changes, but could affect how excerpts and 'Read More' links are displayed on the website (NVD).

The vulnerability has been patched in version 1.6.1 of the Download Read More Excerpt Link plugin. The fix includes the implementation of proper nonce validation in the affected function. Site administrators are advised to update to the latest version of the plugin (WordPress Plugin).