CVE-2023-27632: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects the mmrs151 Daily Prayer Time WordPress plugin in versions up to and including 2023.03.08. The vulnerability was discovered and reported on February 21, 2023, and was subsequently fixed in version 2023.03.18 (Patchstack).

The vulnerability stems from the plugin's lack of CSRF protection when updating its settings. This security flaw has been assigned CVE-2023-27632 and is classified as CWE-352 (Cross-Site Request Forgery). The vulnerability has received varying CVSS v3.1 scores: NIST rates it as HIGH with a base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack assigns it a MEDIUM severity with a score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) (NVD, WPScan).

The vulnerability could allow attackers to make a logged-in administrator change the plugin's settings through a CSRF attack. This could potentially lead to unauthorized modifications of the plugin's configuration (WPScan).

Users are advised to update to version 2023.03.18 or later of the Daily Prayer Time plugin to resolve this vulnerability. This version includes the necessary CSRF protection mechanisms (Patchstack).