CVE-2023-25467: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WordPress Resize at Upload Plus plugin versions 1.3 and below. The vulnerability was discovered by researcher Mika and was publicly disclosed on March 3, 2023. This security issue was assigned the identifier CVE-2023-25467 (Patchstack).

The vulnerability has received varying CVSS severity assessments. The NVD assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it at 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, though Patchstack has classified this as a low-priority security issue that is unlikely to be exploited (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue affects versions 1.3 and below of the Resize at Upload Plus plugin (Patchstack).