CVE-2023-27423: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Ramon Fincken Auto Prune Posts WordPress plugin, affecting versions 1.8.0 and below. The vulnerability was reported on March 7, 2023, and publicly disclosed on March 13, 2023. The issue was assigned CVE-2023-27423 and has been fixed in version 2.0.0 (Patchstack).

The vulnerability stems from the plugin's lack of CSRF protection when updating its Post deletion settings. It has been classified under CWE-352 (Cross-Site Request Forgery). The vulnerability received a CVSS v3.1 base score of 5.4 (Medium) from Patchstack with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L, while NIST assigned a higher CVSS score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD, WPScan).

The vulnerability could allow attackers to force logged-in administrators to perform unwanted actions related to post deletion settings through a CSRF attack. This security issue has been categorized as having a low severity impact, though its specific implications may vary depending on the implementation (Patchstack).

The vulnerability has been patched in version 2.0.0 of the Auto Prune Posts plugin. Users are advised to update to version 2.0.0 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).