CVE-2023-23861: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the German Mesky GMAce WordPress plugin versions 1.5.2 and below. The vulnerability was discovered by researcher Kévin Mosbahi (Mika) and was assigned CVE-2023-23861 on January 19, 2023, with public disclosure occurring on February 23, 2023 (Patchstack).

The vulnerability has received varying severity assessments from different organizations. The National Vulnerability Database (NVD) assigned it a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it with a CVSS score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The security issue has been assessed to have a low to high severity impact, depending on the scoring system used (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue was reported on January 18, 2023, and an early warning was sent to Patchstack customers on February 23, 2023 (Patchstack).