CVE-2023-27430: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Ramon Fincken Mass Delete Unused Tags WordPress plugin versions 2.0.0 and below. The vulnerability was reported on March 7, 2023, and publicly disclosed on March 13, 2023, by security researcher Kévin Mosbahi (Mika) (Patchstack).

The vulnerability has been assigned CVE-2023-27430 and received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assessed it with a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rated it with a CVSS score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact severity varies depending on the specific implementation and context (Patchstack).

The vulnerability has been patched in version 3.0.0 of the Mass Delete Unused Tags plugin. Users are advised to update to version 3.0.0 or later to remove the vulnerability. It's worth noting that the software appears to be abandoned, as it hasn't been updated for over a year, and users should consider replacing it with an alternative solution (Patchstack).