CVE-2023-23659: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in MainWP Matomo Extension versions 4.0.4 and below. The vulnerability was discovered by Dave Jong from Patchstack and was publicly disclosed on January 17, 2023. This security issue affects the WordPress plugin MainWP Matomo Extension and has been assigned the identifier CVE-2023-23659 (Patchstack).

The vulnerability has been classified as a Cross-Site Request Forgery (CSRF) issue, categorized under CWE-352. According to the National Vulnerability Database, it received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it with a CVSS score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The specific impact involves potential changes to plugin settings when exploited successfully (Patchstack).

The vulnerability has been fixed in version 4.0.5 of the MainWP Matomo Extension. Users are advised to update to version 4.0.5 or later to remove the vulnerability. No alternative workarounds have been provided (Patchstack).