CVE-2023-26518: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in AccessPress Themes WP TFeed plugin versions 1.6.9 and below. The vulnerability was discovered by Rio Darmawan and was disclosed on February 28, 2023 (Patchstack).

The vulnerability has been assigned CVE-2023-26518 and received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assessed it with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it with a CVSS score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The security issue has been assessed to have a low severity impact and is considered unlikely to be exploited (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue was initially reported on February 12, 2023, and an early warning was sent to Patchstack customers on February 28, 2023 (Patchstack).