CVE-2023-23791: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in HasThemes HT Menu plugin versions 1.2.1 and below for WordPress. The vulnerability was identified on January 18, 2023, and was assigned CVE-2023-23791 (Patchstack).

The vulnerability stems from inadequate validation of certain requests using nonces, which can lead to Cross-Site Request Forgery (CSRF). The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NVD with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it with a CVSS score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD, WPScan).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The vulnerability is classified under OWASP Top 10 category A2: Broken Authentication and Session Management and CWE-352 (Patchstack).

The vulnerability has been fixed in version 1.2.2 of the HT Menu plugin. Users are advised to update to version 1.2.2 or later to remove the vulnerability (WPScan).