CVE-2023-23790: 
NixOS vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Pods Framework Team's Pods – Custom Content Types and Fields plugin versions 2.9.10.2 and below for WordPress. The vulnerability was identified on January 18, 2023, and was assigned CVE-2023-23790 (Patchstack).

The vulnerability stems from the absence of CSRF checks when deleting pods, which could enable attackers to manipulate logged-in administrators into performing unintended deletion actions through CSRF attacks. The vulnerability has received a CVSS v3.1 base score of 8.8 (HIGH) from NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it with a score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H (NVD).

The vulnerability could allow attackers to force authenticated administrators to delete pods without their knowledge or consent through CSRF attacks. This could potentially lead to loss of data and disruption of website functionality (WPScan).

The vulnerability has been fixed in version 2.9.11 of the Pods plugin. Users are advised to update to this version or later to remediate the security issue (Patchstack).