CVE-2023-2334: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-2334) affects the Easy Digital Downloads Google Sheet Connector WordPress plugin before version 1.6.6 and edd-google-sheet-connector-pro WordPress plugin before version 1.4. The vulnerability was discovered and disclosed on April 27, 2023. The issue stems from the absence of CSRF (Cross-Site Request Forgery) protection when updating the plugin's Access Code (WPScan).

The vulnerability is classified as a Cross-Site Request Forgery (XSS) issue with a CVSS score of 6.3 (medium). The technical flaw lies in the plugin's failure to implement CSRF checks during Access Code updates, making it susceptible to CSRF attacks. The vulnerability is tracked under OWASP Top 10 category A7: Cross-Site Scripting (XSS) and CWE-79 (WPScan).

The vulnerability allows attackers to manipulate logged-in administrators into changing their access code to an arbitrary value through a CSRF attack. This could potentially lead to unauthorized access to the plugin's functionality and compromise the integration between Easy Digital Downloads and Google Sheets (WPScan).

The vulnerability has been patched in Easy Digital Downloads Google Sheet Connector version 1.6.6 and edd-google-sheet-connector-pro version 1.4. Users are advised to update their installations to these or later versions to mitigate the security risk (WPScan).