CVE-2023-23795: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Muneeb Form Builder WordPress plugin affecting versions 1.9.9.0 and below. The vulnerability was discovered by Rafshanzani Suhada on January 10, 2023, and was publicly disclosed on June 19, 2023. This security issue was assigned the identifier CVE-2023-23795 (Patchstack).

The vulnerability has been assessed with multiple CVSS scores: NIST assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 7.1 (HIGH) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This CSRF vulnerability potentially enables attackers to perform unauthorized actions on behalf of authenticated users (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).