CVE-2023-23872: 
WordPress vulnerability analysis and mitigation

The WordPress GMAce plugin versions 1.5.2 and below were found to contain an Arbitrary File Download vulnerability, identified as CVE-2023-23872. This security issue was discovered by researcher Kévin Mosbahi (Mika) and was publicly disclosed on February 23, 2023. The vulnerability affects the GMAce WordPress plugin and requires administrator privileges to exploit (Patchstack).

The vulnerability has been assigned a CVSS score of 4.9, indicating a low severity impact. It is classified as a Security Misconfiguration issue according to the OWASP Top 10 (A6) category. The vulnerability allows for arbitrary file download capabilities when exploited by an authenticated administrator (Patchstack).

If exploited, this vulnerability could allow a malicious actor with administrative access to download any file from the affected website. This includes sensitive files such as those containing login credentials or backup files (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for this security issue. Given the low severity impact and the requirement of administrative privileges, the vulnerability is considered to have minimal risk, and virtual patching has been deemed unnecessary (Patchstack).