CVE-2023-25788: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Saphali Woocommerce Lite plugin versions 1.8.13 and earlier. The vulnerability was disclosed on July 26, 2023, and affects the WordPress plugin's settings functionality. The issue was assigned CVE-2023-25788 and has been fixed in version 1.9.0 (Patchstack).

The vulnerability stems from the absence of CSRF protection mechanisms in the plugin's settings update and reset functionality. This security flaw is classified as CWE-352 (Cross-Site Request Forgery). The severity assessment varies, with NVD assigning a CVSS v3.1 Base Score of 8.8 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rates it at 6.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (NVD).

The vulnerability could allow attackers to make a logged-in administrator change and reset the plugin's settings through a CSRF attack. This could potentially lead to unauthorized modification of the plugin's configuration without the administrator's knowledge or consent (WPScan).

The vulnerability has been patched in version 1.9.0 of the Saphali Woocommerce Lite plugin. Users are advised to update to version 1.9.0 or later to resolve the security issue (Patchstack).