CVE-2023-23984: 
WordPress vulnerability analysis and mitigation

The Cross-Site Request Forgery (CSRF) vulnerability was identified in the Wow-Company Bubble Menu – circle floating menu WordPress plugin versions 3.0.1 and below. The vulnerability was discovered on January 6, 2023, and publicly disclosed on January 20, 2023. This security issue was assigned CVE-2023-23984 and affects the plugin's functionality related to user actions (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue with a CVSS score of 5.4, indicating a low to moderate severity. The vulnerability type falls under the OWASP Top 10 category A5: Broken Access Control. The security flaw can be exploited without authentication, making it accessible to unauthenticated attackers (Patchstack).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This could potentially lead to unauthorized actions being performed on behalf of authenticated users without their knowledge or consent (Patchstack).

The vulnerability was patched in version 3.0.2 of the Bubble Menu plugin. Users are advised to update to version 3.0.2 or later to remediate the security issue. The fix was released shortly after the vulnerability disclosure (Patchstack).