CVE-2023-24417: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in tiggersWelt.Net Worthy plugin versions 1.6.5-6497609 and earlier. The vulnerability was discovered on January 22, 2023, and was publicly disclosed on May 30, 2023. This security issue affects the WordPress plugin 'Worthy – VG WORT Integration für WordPress' (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. However, Patchstack assessed it with a lower CVSS score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The security issue has been assessed to have a low severity impact and is considered unlikely to be exploited (Patchstack).

The vulnerability has been fixed in version 1.7.0-0cde1c2 of the plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).