CVE-2023-24421: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in WP Engine PHP Compatibility Checker plugin versions 1.5.2 and below. The vulnerability was disclosed on April 6, 2023, and was assigned CVE-2023-24421. The issue affects the WordPress plugin php-compatibility-checker and was fixed in version 1.6.0 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it with a CVSS score of 5.4 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact varies case by case, but generally affects the integrity and security of the WordPress installation where the vulnerable plugin is active (Patchstack).

Users are advised to update to PHP Compatibility Checker version 1.6.0 or later to remediate this vulnerability. The issue has been fixed in version 1.6.0, and updating is the recommended solution (WPScan).