CVE-2023-25470: 
WordPress vulnerability analysis and mitigation

The Cross-Site Request Forgery (CSRF) vulnerability affects Anton Skorobogatov's Rus-To-Lat WordPress plugin versions 0.3 and below. The vulnerability was discovered by Rio Darmawan and was disclosed on February 28, 2023, receiving the identifier CVE-2023-25470. This security issue allows potential attackers to force privileged users to execute unwanted actions under their current authentication (Patchstack).

The vulnerability has received varying CVSS severity assessments. The NVD assigned a Base Score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it as MEDIUM severity with a score of 4.3 and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The specific impact varies case by case, but the overall severity is considered low to medium based on the CVSS scores (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for this security issue. Given its low severity impact, it is considered unlikely to be exploited, and virtual patching is deemed unnecessary (Patchstack).