CVE-2023-2717: 
WordPress vulnerability analysis and mitigation

The Groundhogg plugin for WordPress (versions up to and including 2.7.9.8) contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2023-2717. The vulnerability stems from missing nonce validation on the 'enablesafemode' function, which was discovered and disclosed on May 19, 2023. This security flaw affects the WordPress plugin Groundhogg, a CRM and marketing automation tool (NVD).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and has received a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. Wordfence has assigned a slightly higher CVSS score of 5.4 (MEDIUM) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L (NVD).

When exploited, this vulnerability allows unauthenticated attackers to enable safe mode, which results in the disabling of all other plugins on the WordPress installation. While a warning message about safe mode is displayed to the administrator, this warning can be easily dismissed (NVD).

The vulnerability has been patched in versions after 2.7.9.8. Users are advised to update their Groundhogg plugin to the latest version to mitigate this security risk (Wordfence).