CVE-2023-23992: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the AutomatorWP WordPress plugin versions 2.5.0 and below. The vulnerability was reported on January 4, 2023, and publicly disclosed on January 20, 2023. AutomatorWP is a no-code automation plugin for WordPress, and this security issue affects its object deletion functionality (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, which received a CVSS score of 5.4, indicating a low severity impact. It falls under the OWASP Top 10 category A5: Broken Access Control. The vulnerability could be exploited without authentication, though specific technical exploitation details were not publicly disclosed (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This could potentially lead to unauthorized object deletion within the plugin's functionality (Patchstack).

The vulnerability was patched in version 2.5.1 of the AutomatorWP plugin. Users are advised to update to version 2.5.1 or later to remove the vulnerability. Patchstack users have the option to enable auto-updates for vulnerable plugins (Patchstack).