CVE-2023-27447: 
WordPress vulnerability analysis and mitigation

The CVE-2023-27447 affects VeronaLabs WP SMS – Messaging & SMS Notification plugin for WordPress, WooCommerce, and GravityForms through version 6.0.4. This vulnerability is classified as an Exposure of Sensitive Information to an Unauthorized Actor vulnerability (NVD, Patchstack).

The vulnerability is characterized by improper authorization implementation in the plugin's REST API, which could lead to sensitive information disclosure. The vulnerability has received varying CVSS scores: a CVSS v3.1 Base Score of 7.5 (HIGH) from NVD with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, and a score of 5.3 (MEDIUM) from Patchstack with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD, WPScan).

The vulnerability could allow malicious actors to access sensitive information that is normally not available to regular users. This unauthorized access to sensitive data could potentially be used to exploit other weaknesses in the system (Patchstack).

Users are advised to update to version 6.0.4.1 or later to resolve the vulnerability. For Patchstack users, virtual patching is available to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).